DEV Community

Cover image for CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability

#versa #concerto #cybersecurity #vulnerability

CVE ID

CVE-2025-34026

Vulnerability Name

Versa Concerto Improper Authentication Vulnerability

  • Project: Versa
  • Product: Concerto

Date

  • Date Added: 2026-01-22
  • Due Date: 2026-02-12

Description

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e ; https://nvd.nist.gov/vuln/detail/CVE-2025-34026

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)