Authentication Bypass Vulnerability in Versa Concerto SD-WAN Platform
CVE-2025-34027
What is CVE-2025-34027?
The Versa Concerto SD-WAN orchestration platform contains an authentication bypass vulnerability in its Traefik reverse proxy configuration that lets unauthenticated requests reach administrative endpoints. With that access, an attacker can target the Spack upload endpoint, where a Time-of-Check to Time-of-Use (TOCTOU) race condition allows path loading to be manipulated and leads to remote code execution. The issue affects versions 12.1.2 through 12.2.0 and may affect other versions as well.
Affected Version(s)
Concerto 12.1.2 up to and including 12.2.0
News Articles
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
Three critical Versa Concerto flaws disclosed after 90 days allow remote code execution via reverse proxy misconfigurations.
2 weeks ago
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems.
2 weeks ago
Timeline
- First article discovered by BleepingComputer
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved