CVE-2025-34026

Published 22/01/2026 01:00 · Modified 28/01/2026 15:52 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2025-34026, 2025-05-21, CWE-287, [email protected]

Essential information

Published: 22/01/2026 01:00
Modified: 28/01/2026 15:52
Author: Cybersecurity and Infrastructure Security Agency
Creator: Cybersecurity and Infrastructure Security Agency
CVSS: 7.5 HIGH (v3.1), 9.2 CRITICAL (v4.0)
CISA KEV: Yes
CWE
CVSS vector: CVSS:3.1/AV:N/C:H/I:N/A:N

Description

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: versa / concerto
CPE: cpe:2.3:a:versa:concerto:12.1.2-12.2.0:*:*:*:*:*:*:*

References