CVE-2025-34026 · HIGH 7.5 · CISA KEV · EPSS p99.6%

CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability

Versa / Concerto

Description

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.

Scoring

CVSS 3.1: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 83.38% probability of exploitation · percentile 99.6% · 2026-06-16T12:03:06Z
Published: 2025-05-21
Last modified: 2026-01-23

CISA KEV entry

Added to KEV: 2026-01-22

Underlying weaknesses · 1

CWE-288

References

  1. https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
  2. https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Authentication Bypass Using an Alternate Path or Channel cwe-288 | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Versa Concerto Improper Authentication Vulnerability kev-cve-2025-34026 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-35051
CVE: CVE-2025-46412
CVE: CVE-2026-10622
CVE: CVE-2025-23168
CVE: CVE-2026-20127
CVE: CVE-2025-24288
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.