Vulnerability in Versa Concerto

CVE-2025-34027

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.028 (86.3rd percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-34027?
CVE-2025-34027 is a vulnerability in Versa Concerto, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. Published 2025-05-21.
Is CVE-2025-34027 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.