CyberSecurity news
Andres Ramos@Arctic Wolf
Versa Concerto, a network security and SD-WAN orchestration platform, is under scrutiny after the public disclosure of multiple unpatched vulnerabilities. ProjectDiscovery researchers published technical details on May 21, 2025, at the end of a 90-day responsible disclosure period that began on February 13, 2025. The disclosed flaws include authentication bypasses, remote code execution (RCE), and container escapes, putting both the platform and the hosts it runs on at risk. Concerto is a Spring Boot application deployed in Docker containers behind a Traefik reverse proxy, so the attack surface spans all three layers: the reverse proxy, the application itself, and the container boundary.
Chained together, these vulnerabilities could allow a complete system compromise. The most severe, CVE-2025-34027, carries the maximum CVSS score of 10.0 and stems from a URL decoding inconsistency: a request path that is decoded differently at different points in the request pipeline can reach file upload endpoints without authorization and ultimately lead to remote code execution. The other critical flaws are CVE-2025-34026, an authentication bypass that exposes administrative endpoints, and CVE-2025-34025, a privilege escalation that allows escaping the Docker container and executing code on the host.
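To make the "URL decoding inconsistency" concrete, the following is an added illustration of the general bug class, written for this page; it is not Versa Concerto's, Traefik's or ProjectDiscovery's code and does not reproduce the actual CVE-2025-34027 request. It models a front proxy that enforces a path deny-list on the raw (undecoded) request path while the backend router percent-decodes and normalises the path before dispatching. The protected prefixes `/upload` and `/admin` and all sample paths are constructed for the example. The hardened variant decides on the same canonical form the backend routes on, which is the check a practitioner should apply to their own proxy rules.

```python
"""Model of a reverse-proxy / backend URL decoding mismatch.

Constructed illustration, not Versa Concerto's or Traefik's code: the weak
proxy rule compares the *raw* request path against a deny-list, while the
backend percent-decodes and normalises before routing. Any percent-encoded
variant of a protected path therefore passes the proxy and still reaches
the protected handler.
"""
from urllib.parse import unquote
import posixpath

# Hypothetical protected prefixes for this example.
PROTECTED_PREFIXES = ("/upload", "/admin")


def proxy_allows_raw(raw_path: str) -> bool:
    """Weak proxy rule: matches the deny-list against the undecoded path."""
    return not raw_path.startswith(PROTECTED_PREFIXES)


def backend_route(raw_path: str) -> str:
    """Backend router: single percent-decode, then collapse '.' and '..' segments."""
    decoded = unquote(raw_path)
    return posixpath.normpath(decoded)


def canonical_path(raw_path: str) -> str:
    """Hardened canonicalisation: decode until stable, then normalise.

    Repeated decoding defeats double encoding (%2575 -> %75 -> u). The loop is
    bounded so a hostile input cannot make it spin.
    """
    current = raw_path
    for _ in range(5):
        nxt = unquote(current)
        if nxt == current:
            break
        current = nxt
    return posixpath.normpath(current)


def proxy_allows_canonical(raw_path: str) -> bool:
    """Hardened proxy rule: decide on the canonical form the backend routes on."""
    canon = canonical_path(raw_path)
    if "%" in canon:  # still-encoded bytes after full decoding: treat as hostile
        return False
    return not canon.startswith(PROTECTED_PREFIXES)


def evaluate(raw_path: str) -> dict:
    """Compare what the weak proxy decides with what the backend actually serves."""
    return {
        "raw": raw_path,
        "weak_proxy_allows": proxy_allows_raw(raw_path),
        "backend_sees": backend_route(raw_path),
        "hardened_proxy_allows": proxy_allows_canonical(raw_path),
    }


if __name__ == "__main__":
    # Constructed sample requests: plain, single-encoded, traversal via %2F,
    # and double-encoded.
    for path in ("/upload/file", "/upl%6fad/file",
                 "/public/..%2Fupload/file", "/%2575pload/file"):
        print(evaluate(path))
```

The second and third sample paths are the important ones: the weak proxy allows both, yet the backend resolves each to `/upload/file`. The hardened rule blocks them, and also blocks the double-encoded form, which this single-decoding backend would not have routed to `/upload` but a backend that decodes twice would. The practical check is to feed your own proxy's deny rules a few encoded variants of every protected path and confirm the backend never sees the canonical form when the proxy said no.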
Versa Networks disputes the "unpatched" characterization: according to the company, fixes were implemented in early March and made publicly available in mid-April. A Versa Networks spokesperson said all affected customers were notified through the established security and support channels with guidance on applying the updates, and that there is no indication the vulnerabilities have been exploited in the wild. ProjectDiscovery, for its part, reported that no patch had been released and that Versa had not responded during the disclosure window, which is why it published after the 90-day deadline passed.
References:
- Arctic Wolf: Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed
- The Hacker News: Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
- securityonline.info: Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks
- BleepingComputer: Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
- thecyberexpress.com: Versa Patches 3 Concerto SD-WAN Vulnerabilities, Including a Perfect 10.0
- www.scworld.com: Significant compromise possible with critical Versa Concerto flaws
- Blog: Project Discovery has disclosed several vulnerabilities in Versa Concerto, a tool used to configure and monitor Versa devices in networks.
- Blog: Security researchers have identified several critical vulnerabilities in Versa Concerto, a centralized management platform for Versa Networks' SD-WAN and SASE solutions.
- projectdiscovery.io: The Versa Concerto vulnerabilities were revealed by Project Discovery earlier this week; the researchers said Versa had not responded to their disclosures, first made in February.
Classification:
- HashTags: #VersaConcerto #RCE #Vulnerability
- Company: Versa Networks
- Target: Versa Concerto Platform
- Product: Concerto
- Feature: Remote Code Execution
- Type: Vulnerability
- Severity: Critical