7.5 CVE-2025-34026

CISA Kev Catalog Exploit

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
https://nvd.nist.gov/vuln/detail/CVE-2025-34026

References

134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce Exploit Mitigation Third Party Advisory
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa37548... Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-20... US Government Resource

disclosure@vulncheck.com Exploit

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce Exploit Mitigation Third Party Advisory

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:versa-networks:concerto::::::::	>= 11.4.0	< 12.1.2
cpe:2.3:a:versa-networks:concerto:12.1.2:-::::::
cpe:2.3:a:versa-networks:concerto:12.2.0:::::::*

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url

Other Nist (github, ...)

Url
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee