CVE-2025-34026
Published: 21 May 2025
Summary
CVE-2025-34026 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Versa-Networks Concerto. Its CVSS base score is 9.2 (Critical).
Operationally, ranked in the top 1.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
The Versa Concerto SD-WAN orchestration platform contains an authentication bypass vulnerability in its Traefik reverse proxy configuration, tracked as CVE-2025-34026 and assigned CWE-288. The flaw affects versions 12.1.2 through 12.2.0, with additional versions potentially impacted, and enables unauthenticated access to administrative endpoints including the internal Actuator, which exposes heap dumps and trace logs. The vulnerability carries a CVSS 4.0 score of 9.2 reflecting network attack vector, low complexity, and high confidentiality impact.
An unauthenticated remote attacker can exploit the bypass to reach protected administrative interfaces without credentials, obtaining sensitive runtime data such as heap dumps and trace logs that may contain credentials or other internal state. The attack requires no user interaction or privileges and can be performed over the network.
Versa Networks has published guidance via its security portal bulletin, while CISA includes the CVE in its Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation and recommending prompt remediation for affected deployments.
The EPSS score reached a peak of 0.7505 on 2026-03-26 and remains elevated at 0.7108, consistent with sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16087
Vulnerability details
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This…
more
issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
- CWE(s)
- KEV Date Added
- 22 January 2026
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authenticated access decisions on administrative endpoints, blocking the Traefik bypass that allowed unauthenticated reach to Actuator heap dumps and logs.
Requires boundary protection mechanisms (reverse proxies) to filter and authenticate traffic to internal management interfaces, directly mitigating exposure of the Concerto Actuator endpoints.
Mandates secure configuration settings for the Traefik proxy and exposed services, preventing the misconfiguration that permitted authentication bypass in versions 12.1.2–12.2.0.