Versa.Concerto.Actuator.CVE-2025-34026.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in Versa Concerto.
This vulnerability is due to improper request handling at the reverse-proxy layer. A remote attacker may be able to exploit this to bypass intended access controls and access restricted management functionality without proper authorization. Successful exploitation could result in unauthorized access to sensitive information and functions, and may be leveraged for further compromise depending on the target configuration.
Outbreak Alert
Multiple critical security vulnerabilities affect the Versa Concerto network security and SD-WAN orchestration platform. When chained, these flaws could allow remote attackers to bypass authentication, escape Docker containers, and fully compromise both the application and the underlying host system.
Affected Products
Versa Concerto 11.4.x
Versa Concerto 12.1.1
Versa Concerto 12.1.2 images released before the January 24, 2025 hot fix
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) | |