CVE-2025-34025

Sažetak

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Reference

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

23-05-2025 - 15:55

Objavljeno

21-05-2025 - 23:15