← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-34026 — Actively Exploited: Concerto (Versa)

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.

CVE IDCVE-2025-34026
VendorVersa
ProductConcerto
Vulnerability nameVersa Concerto Improper Authentication Vulnerability
Date added2026-01-22
Remediation due2026-02-12
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionVersa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →