Which versions of Concerto are affected by CVE-2025-34026?

Organizations using Versa Concerto SD-WAN orchestration platform face critical risk from CVE-2025-34026 rated CVSS 9.2.

Is there a public PoC exploit available for CVE-2025-34026?

Yes, a public proof-of-concept exploit is available for CVE-2025-34026. Prioritise patching immediately. EPSS: 75.1%.

How to fix or mitigate CVE-2025-34026?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Concerto CVE-2025-34026

Q: What is the CVSS score of CVE-2025-34026?

CVE-2025-34026 has a CVSS 4.0 base score of 9.2 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 75.1%.

CRITICAL

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2025-05-21 disclosure@vulncheck.com

Authentication Bypass Concerto

9.2

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:43 vuln.today

Added to CISA KEV

Jan 23, 2026 - 18:39 cisa

CISA KEV

PoC Detected

Jan 23, 2026 - 18:39 vuln.today

Public exploit code

CVE Published

May 21, 2025 - 22:15 nvd

CRITICAL 9.2

DescriptionNVD

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

AnalysisAI

Versa Concerto SD-WAN orchestration platform contains an authentication bypass in Traefik reverse proxy configuration, exposing Actuator endpoints with heap dumps and trace logs.

Technical ContextAI

The CWE-288 authentication bypass in Traefik proxy misconfiguration allows unauthenticated access to Spring Boot Actuator endpoints including /actuator/heapdump (memory contents) and /actuator/trace (request logs with credentials).

RemediationAI

Apply Versa security updates. Restrict access to Actuator endpoints. Rotate all credentials that may have been exposed through heap dumps.

CVE-2025-34026 vulnerability details – vuln.today

Back

Concerto CVE-2025-34026

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

Concerto CVE-2025-34026

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code