Critical vulnerabilities in Versa Concerto, a platform for SD-WAN and SASE management, remain unpatched, risking remote code execution and unauthorized access. Researchers publicly disclosed these flaws after vendor engagement failed, underscoring urgent mitigation needs for affected organizations. #CVE-2025-34027 #VersaConcerto #ProjectDiscovery
Key points
- Three significant security issues were publicly disclosed in Versa Concerto by ProjectDiscovery researchers.
- Two vulnerabilities rated as critical could enable remote attackers to bypass authentication or execute arbitrary code.
- The vulnerabilities include a URL decoding inconsistency, improper reliance on request headers, and a Docker misconfiguration.
- Versa Networks acknowledged the issues but did not provide timely hotfixes, leaving users at risk.
- Organizations are advised to implement temporary mitigations, such as blocking specific URL patterns and headers, until patches are available.