The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Available Exploits

Versa Concerto API Path Based - Authentication Bypass

Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources.

ID: CVE-2025-34027

Author: iamnoooobrootxharshparthmalhotrapdresearch Critical

References:

Related News

No news articles found for this CVE.

Affected Products

Versa

Concerto

Affected Versions:

12.1.2

References

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

Published: 2025-05-21T21:58:31.698Z

Last Modified: 2025-05-28T03:56:04.254Z

Copied to clipboard!