CVE-2025-23170 – Versa Networks Shell-In-A-Box Python Command Injection Vulnerability

June 18, 2025

CVE ID : CVE-2025-23170

Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system.

Exploitation Status:

Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Workarounds or Mitigation:

There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-23171 – Versa Networks Versa Director Insecure File Upload and UCPE Image Upload Vulnerability

Next Article CVE-2025-23169 – Versa Networks Director Cross-Site Scripting Vulnerability

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2025-23170 – Versa Networks Shell-In-A-Box Python Command Injection Vulnerability

CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

CVE-2025-49590 – CryptPad Link Bouncer JavaScript URI Bypass XSS

IBM Releases Granite 3.3 8B: A New Speech-to-Text (STT) Model that Excels in Automatic Speech Recognition (ASR) and Automatic Speech Translation (AST)

CVE-2025-20973 – Android Secure Folder Authentication Bypass

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Identity theft – six tips to help keep yours safe

CVE-2025-47303 – Apache Struts Command Injection

Ubuy Scales E-Commerce Globally and Unlocks AI With MongoDB

CVE-2025-48471 – FreeScout Apache Remote Code Execution Vulnerability

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

CVE-2025-23170 – Versa Networks Shell-In-A-Box Python Command Injection Vulnerability

Related Posts