CVE-2025-34026

CRITICAL
2025-05-21 [email protected]
9.2
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:43 vuln.today
Added to CISA KEV
Jan 23, 2026 - 18:39 cisa
CISA KEV
PoC Detected
Jan 23, 2026 - 18:39 vuln.today
Public exploit code
CVE Published
May 21, 2025 - 22:15 nvd
CRITICAL 9.2

Tags

Authentication Bypass Concerto

Description

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Analysis

Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs.

Technical Context

The CWE-288 authentication bypass in Traefik proxy misconfiguration allows unauthenticated access to Spring Boot Actuator endpoints including /actuator/heapdump (memory contents) and /actuator/trace (request logs with credentials).

Affected Products

['Versa Concerto 12.1.2 through 12.2.0']

Remediation

Apply Versa security updates. Restrict access to Actuator endpoints. Rotate all credentials that may have been exposed through heap dumps.

Priority Score

191
Low Medium High Critical
KEV: +50
EPSS: +75.1
CVSS: +46
POC: +20

Share

CVE-2025-34026 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy