CVE-2025-34025

UNKNOWN 0.0

Versa Concerto Insecure Docker Mount Container Escape

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

CWE	CWE-732
Vendor	versa
Product	concerto
Published	May 21, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for versa concerto

Be the first to know when new unknown vulnerabilities affecting versa concerto are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Versa / Concerto

12.1.2 ≤ 12.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

projectdiscovery.io: https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

Credits

ProjectDiscovery Harsh Jaiswal Rahul Maini Parth Malhotra