Critical severityNVD Advisory· Published May 21, 2025· Updated Apr 15, 2026
CVE-2025-34027
CVE-2025-34027
Description
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 12.1.2 - 12.2.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.