CVE-2025-34027

CRITICAL EXPLOITED NUCLEI

Versa Concerto - Auth Bypass & RCE

Title source: llm

Description

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Nuclei Templates (1)

Versa Concerto API Path Based - Authentication Bypass

CRITICALVERIFIEDby iamnoooob,rootxharsh,parthmalhotra,pdresearch

Shodan: http.favicon.hash:-534530225

References (1)

[Various Sources] https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

Scores

CVSS v4 10.0

EPSS 0.0499

EPSS Percentile 89.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Details

VulnCheck KEV 2025-07-21

CWE

CWE-367

Status published

Products (1)

Versa/Concerto 12.1.2 - 12.2.0

Published May 21, 2025

Tracked Since Feb 18, 2026