CRITICAL🇵🇱 Wersja polska

CVE-2025-34027

CVSS 10.0v4.0pub. 2025-05-21upd. 2026-04-15

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

🤖 AI Analysis
How it works

The vulnerability consists of two related stages. The first is an authentication bypass in the Traefik reverse proxy configuration, which allows the attacker to access administrative endpoints without any credentials. Subsequently, through the Spack file upload endpoint, the attacker can execute a Time-of-Check to Time-of-Use (TOCTOU, CWE-367) attack — the time window between file verification and its use is exploited in conjunction with a race condition to manipulate the module loading path. As a result, the attacker can cause arbitrary code execution on the server.

Impact

An unauthenticated remote attacker can achieve full code execution (RCE) on the SD-WAN orchestration platform, which in practice means complete takeover of the managed network infrastructure and potential threat to connected systems (high impact on system confidentiality and integrity as well as related systems).

Mitigation & patch

Patches available from the vendor should be applied as soon as possible in accordance with references. The description does not indicate a specific patched version — it is recommended to contact Versa Networks and monitor the vendor's official security channels. Until the patch is deployed, it is recommended to restrict network access to the Concerto platform's administrative endpoints and verify Traefik configuration for access control.

Who is affected

Versa Concerto SD-WAN Orchestration Platform in versions 12.1.2 through 12.2.0 inclusive. The vendor indicates that additional versions may also be vulnerable.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassRace Condition
CWE
References