CVE-2025-23168

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/06/2025
Last modified:
09/07/2025

Description

The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the OTP delivery (SMS/email) to their own device. OTP/TOTP codes are not invalidated after use, enabling reuse by an attacker who has previously intercepted or obtained a valid code. In addition, the 2FA system does not adequately restrict the number or frequency of login attempts. The OTP values are generated from a relatively small keyspace, making brute-force attacks more feasible.

Exploitation Status:

Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers.

Workarounds or Mitigation:

Versa recommends that Director be upgraded to one of the remediated software versions.
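The description lists four distinct weaknesses in the OTP flow: the delivery recipient taken from request input, codes that stay valid after use, no limit on verification attempts, and a small code keyspace. The following is an added, illustrative OTP challenge service (not Versa's code, not the fixed implementation) that closes each of them; the account store, recipient value and limits are constructed assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed in-memory account store (hypothetical data). The OTP recipient
# is bound to the account record and is never read from the login request.
ACCOUNTS = {"alice": {"sms": "+15550000000"}}

OTP_DIGITS = 8      # 10^8 keyspace instead of a 4- or 6-digit code
OTP_TTL = 120       # seconds a challenge stays valid
MAX_ATTEMPTS = 5    # failed guesses before the challenge is revoked


@dataclass
class Challenge:
    code: str
    issued: float
    attempts: int = 0


_challenges: Dict[str, Challenge] = {}


def issue_otp(username: str, requested_recipient: Optional[str] = None) -> str:
    """Create a fresh challenge and return the recipient it goes to.
    `requested_recipient` is accepted only to show that it is ignored: the
    recipient comes from the stored account, closing the redirect weakness."""
    recipient = ACCOUNTS[username]["sms"]
    code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
    _challenges[username] = Challenge(code=code, issued=time.time())
    # send_sms(recipient, code)  -- delivery is out of scope for this example
    return recipient


def verify_otp(username: str, submitted: str, now: Optional[float] = None) -> bool:
    """Verify a code: single use, time-limited, attempt-limited, constant-time."""
    now = time.time() if now is None else now
    ch = _challenges.get(username)
    if ch is None or now - ch.issued > OTP_TTL:
        return False                      # no live challenge for this user
    ch.attempts += 1
    if not hmac.compare_digest(ch.code, submitted):
        if ch.attempts >= MAX_ATTEMPTS:
            del _challenges[username]     # lock out: a new code must be issued
        return False
    del _challenges[username]             # consumed on success, so replay fails
    return True
```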

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:versa-networks:versa_director:21.2.2:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:21.2.3:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.4:*:*:*:*:*:*:*