VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.

Related CVEs

CVE-2018-6961

Key Information

GHSA ID

GHSA-rvjq-qp5f-gvx6

Published

May 13, 2022 1:53 AM

Last Modified

January 28, 2025 12:32 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 19, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.