CVE-2025-34026 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Vulnerability Media Exposure

[ENGLISH] Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues
Published: 2025-05-22T16:36:00+05:30
[GERMAN] Warten auf Sicherheitsupdate: Versa Concerto ist schwer verwundet
Lücken bedrohen die Orchestrierungsplattform Versa Concerto. Schadcode-Attacken sind möglich. Medienberichten zufolge gibt es Updates. Der Hersteller schweigt.
Published: 2025-05-23T09:15:00+00:00
[ENGLISH] ⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
Cyber threats don't show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today’s complex systems, we
Published: 2025-05-26T14:53:00+05:30

References

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce