30/05/2025

Week 22 – High severity vulnerability affects Versa Concerto

26 May – 01 June 2025

Our new CVE of the Week is high severity vulnerability, CVE-2025-34027, has been identified and is making waves across the cybersecurity landscape.

It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure SD-WAN and secure access service edge (SASE) deployments. The flaw affects widely used software and poses a serious risk of remote code execution (RCE) without authentication – making it a top priority.

It has the highest possible CVSS score of 10.

This vulnerability allows threat actors to exploit exposed systems over the network, potentially gaining full control. The attack surface is broad, and with proof-of-concept (PoC) exploits already circulating.

Affected systems are commonly used in enterprise environments.
Exploits are trivial to deploy once a target is found.
The impact can range from data theft to full infrastructure compromise.

  • Patch immediately if you are running affected versions: Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
  • Scan your network for vulnerable endpoints.
  • Monitor logs and traffic for signs of exploitation.

This is a wake-up call to stay vigilant, keep systems updated, and prioritize proactive vulnerability management. CVE-2025-34027 is not just another CVE — it’s a critical risk that requires immediate attention.

Let’s not wait for headlines. Secure your systems today!

You can find more information and details on the subject at the link below:
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.

Author:
Filed Under: CVE of the Week
Tags: , , ,