Unrated severityCISA KEVNVD Advisory· Published May 21, 2025· Updated Jan 23, 2026

Versa Concerto Actuator Authentication Bypass Information Leak

CVE-2025-34026

Description

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Affected products

Versa/Concertov5
Range: 12.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

projectdiscovery.io/blog/versa-concerto-authentication-bypass-rcemitreexploitmitigation

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.057
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000