CVE-2025-34027

UNKNOWN 0.0

Versa Concerto Authentication Bypass File Write Remote Code Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

CWE	CWE-367
Vendor	versa
Product	concerto
Published	May 21, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for versa concerto

Be the first to know when new unknown vulnerabilities affecting versa concerto are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Versa / Concerto

12.1.2 ≤ 12.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

projectdiscovery.io: https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

Credits

ProjectDiscovery Harsh Jaiswal Rahul Maini Parth Malhotra