
CVE-2025-34025 – Versa Concerto Insecure Docker Mount Container Escape
https://notcve.org/view.php?id=CVE-2025-34025
21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to a privilege escalation and container escape vulnerability caused by unsafe default mounting of host binary paths, which allows the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2025-34026 – Versa Concerto Actuator Authentication Bypass Information Leak
https://notcve.org/view.php?id=CVE-2025-34026
21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication

CVE-2025-34027 – Versa Concerto Authentication Bypass File Write Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-34027
21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE). This issue is known to affect Concerto from 12.1.2 th... • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')