CVE-2025-34027 CRITICAL

CVE-2025-34027: Versa Concerto Authentication Bypass File Write Remote Code Execution

Vendor Versa
Product Concerto
Weakness CWE-367
Published May 21, 2025
Last update February 26, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

What the vulnerability does

01 Description

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition, achieving remote code execution via path loading manipulation; as a result, an unauthenticated actor can achieve remote code execution (RCE). This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Key dates

02 Disclosure timeline

May 21, 2025 CVE published
February 26, 2026 Record updated