Latest Versa Networks Concerto vulnerabilities

Project Discovery has disclosed several vulnerabilities in Versa Concerto, a tool used to configure and monitor Versa devices in networks:

  • CVE-2025-34027 with a CVSS score of 10.0 (critical): an authentication bypass in the spack upload endpoint, which would allow an attacker to execute arbitrary code without authentication.
  • CVE-2025-34026 with a CVSS score of 9.2 (critical): an authentication bypass in the Concerto API that would allow a remote, unauthenticated attacker to view log and debugging information, which may contain authentication tokens and other sensitive information.
  • CVE-2025-34025 with a CVSS score of 8.6 (high): a container-escape vulnerability that would allow an attacker with access to a container on the Concerto system to break out of that container and execute code and commands in the outer environment.

These vulnerabilities affect various components of Concerto and, when used together, would allow a remote, unauthenticated attacker to execute arbitrary code on the vulnerable system.

Versions 12.1.2 through 12.2.0 are known to be affected, but other versions may also be vulnerable.

Note that, as of writing, these vulnerabilities have not been publicly addressed by the vendor.

What is the impact?

Successfully exploiting these vulnerabilities would allow a remote attacker to execute arbitrary code on the vulnerable system and retrieve potentially sensitive logging and debugging information.

Are updates or workarounds available?

As of this writing, these vulnerabilities have not been addressed by the vendor. Users are strongly encouraged to implement network access controls that limit access to these systems to trusted networks.

How to find potentially vulnerable systems with runZero

From the Services Inventory, use the following query to locate systems running potentially vulnerable software:

_asset.protocol:http AND protocol:http AND has:favicon.ico.image.md5 and favicon.ico.image.md5:="0e8efa5cf285db81f1389ef48fb0bec2"
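To run the same favicon check outside the runZero console, here is an added Python example (not runZero's or Versa's code): it fetches /favicon.ico from each management-UI URL in a list and compares the MD5 against the hash from the query above. The hash is the only value taken from this page; the host list, timeout and the verify_tls switch are assumptions.

```python
"""Fingerprint hosts whose /favicon.ico matches the Versa Concerto favicon hash.

Constructed example, not runZero code. The favicon MD5 is the value used in
the runZero query; the candidate URLs below are placeholders.
"""
import hashlib
import ssl
import urllib.error
import urllib.request
from typing import Iterable, List, Optional

# Favicon MD5 used by the runZero query (favicon.ico.image.md5).
CONCERTO_FAVICON_MD5 = "0e8efa5cf285db81f1389ef48fb0bec2"


def favicon_md5(data: bytes) -> str:
    """Hex MD5 of the favicon body, the same value runZero stores per service."""
    return hashlib.md5(data).hexdigest()


def is_concerto_favicon(data: bytes) -> bool:
    """True when the favicon body hashes to the Concerto fingerprint."""
    return favicon_md5(data) == CONCERTO_FAVICON_MD5


def fetch_favicon(base_url: str, timeout: float = 5.0,
                  verify_tls: bool = True) -> Optional[bytes]:
    """GET <base_url>/favicon.ico; returns None on any transport or HTTP error."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # management UIs often use self-signed certs; opt in explicitly
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(base_url.rstrip("/") + "/favicon.ico",
                                 headers={"User-Agent": "favicon-inventory/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            if resp.status != 200:  # e.g. 204/206; 4xx/5xx raise HTTPError below
                return None
            return resp.read(1_000_000)  # cap the body so a huge response cannot stall us
    except (urllib.error.URLError, OSError, ValueError):
        return None


def find_concerto_hosts(base_urls: Iterable[str], **kwargs) -> List[str]:
    """Return the base URLs whose favicon matches the Concerto fingerprint."""
    return [url for url in base_urls
            if (body := fetch_favicon(url, **kwargs)) is not None
            and is_concerto_favicon(body)]


if __name__ == "__main__":
    # Assumed inventory of management-UI URLs; replace with your own asset list.
    candidates = ["https://concerto.example.internal", "https://10.0.0.5"]
    for hit in find_concerto_hosts(candidates, verify_tls=False):
        print(f"Concerto favicon match, restrict access and monitor: {hit}")
```

Matches should be cross-checked against the asset's HTTP title or TLS certificate before being treated as confirmed Concerto instances, since a favicon can be copied.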

Written by Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.
