PT-2025-22440 · Traefik+1

Harsh Jaiswal +3

Published 2025-05-21 · Updated 2026-03-05 · CVE-2025-34026

CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Versa Concerto versions 12.1.2 through 12.2.0
Description: The Versa Concerto SD-WAN orchestration platform ships with a Traefik reverse proxy configuration that forwards unauthenticated requests to the backend's /actuator/* endpoints, which are meant to be reachable only internally. Because nothing in front of those endpoints enforces authentication, an attacker can reach administrative functions directly and retrieve heap dumps and trace logs from the Actuator. Heap dumps can contain live credentials and session tokens; with those, an attacker can reach internal SD-WAN management endpoints, move laterally to managed edge devices, and potentially install persistent backdoors. The root cause is the proxy misconfiguration, not the Actuator itself: the /actuator/* endpoints expose process memory and administrative operations by design and rely on the proxy to keep them off the network. This issue is exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog.
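The misconfiguration class described above, shown as an added example in Traefik v3 dynamic (file-provider) configuration. This is generic illustration written for this page, not Versa's shipped configuration or its patch; the router, middleware and service names and the backend address 127.0.0.1:9000 are assumptions. The weak router forwards every path to the backend, Actuator included; the hardened router claims /actuator with a higher priority and attaches an allow-list that only admits connections from loopback.

```yaml
http:
  routers:
    # Weak (assumed shape of the flaw): a single catch-all router forwards every
    # path, /actuator/* included, to the Spring backend with no authentication.
    app-weak:
      rule: "PathPrefix(`/`)"
      service: concerto-backend

    # Hardened: an explicit router with a high priority wins for /actuator and
    # runs the allow-list middleware before anything reaches the backend.
    actuator-internal:
      rule: "PathPrefix(`/actuator`)"
      priority: 1000
      middlewares:
        - loopback-only
      service: concerto-backend

  middlewares:
    loopback-only:
      ipAllowList:
        sourceRange:
          - "127.0.0.1/32"
          - "::1/128"
        # No ipStrategy is set on purpose: the check then uses the TCP peer
        # address, so a client-supplied X-Forwarded-For or X-Real-Ip header
        # cannot satisfy it. Non-matching sources receive a 403.

  services:
    concerto-backend:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:9000"   # assumed backend address
```

Two caveats. Prefix matching runs on the path as Traefik sees it, and the backend may normalise paths differently, so a request that does not look like /actuator at the proxy can still land on /actuator at the backend; the safer posture is deny-by-default (route only the prefixes the application needs and give everything else the restrictive middleware). And a proxy rule is a compensating control: the backend should also stop exposing Actuator endpoints that nothing needs, so that a future routing mistake has nothing sensitive to forward to.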
Recommendations:
Upgrade to the latest patched version from Versa Networks.
Restrict access to the Traefik dashboard and any admin interface.
Block external access to the /actuator/* endpoints at the proxy and, where possible, stop the backend from exposing them at all.
Deploy Web Application Firewall (WAF) rules as a compensating control, not as the only fix.
Review proxy access logs for requests to /actuator/* from anything other than trusted internal sources; a 200 response to /actuator/heapdump should be treated as a credential exposure.
Rotate any credentials or tokens that may have been present in an exposed heap dump.
Isolate any orchestrator that shows signs of compromise and treat the edge devices it manages as potentially affected.
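The log review step above, worked through as an added example (this is not tooling from the page or from Versa). The script parses Traefik's default CLF access-log layout, canonicalises each request path with generic reverse-proxy hygiene (percent-decoding, matrix-parameter stripping, slash collapsing, dot-segment resolution; these are the author's assumptions about what is worth normalising, not a description of how this CVE is triggered) and flags every request whose canonical path falls under /actuator. A hit from a non-loopback source that got a 2xx is the case to escalate. The sample log lines are constructed and use the 203.0.113.0/24 documentation range.

```python
import ipaddress
import re
from posixpath import normpath
from urllib.parse import unquote

# Traefik's default (CLF) access-log layout, assumed here:
# <ip> - <user> [<ts>] "<method> <path> <proto>" <status> <size> "<referrer>" "<ua>"
#   <count> "<router>" "<server url>" <duration>ms
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)" '
    r'(?P<count>\d+) "(?P<router>[^"]*)" "(?P<backend>[^"]*)" (?P<dur>\d+)ms$'
)

SENSITIVE_PREFIX = "/actuator"


def normalize_path(raw: str) -> str:
    """Canonicalise a request path before prefix matching.

    Generic reverse-proxy hygiene (assumption about what is worth normalising,
    not a description of this CVE's trigger): drop the query string,
    percent-decode twice, strip matrix parameters (';k=v' inside a segment),
    collapse repeated slashes, resolve '..' segments.
    """
    path = raw.split("?", 1)[0]
    path = unquote(unquote(path))          # second pass catches %25-encoded bytes
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = re.sub(r"/+", "/", path)        # posixpath keeps a leading '//', so do it here
    if not path.startswith("/"):
        path = "/" + path
    return normpath(path)


def from_loopback(ip: str) -> bool:
    """True for 127.0.0.0/8 and ::1; any other source hitting /actuator is suspect."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def find_actuator_hits(lines):
    """Return one record per request whose canonical path is under /actuator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                        # not CLF; skip rather than guess
        path = normalize_path(m["path"])
        if path != SENSITIVE_PREFIX and not path.startswith(SENSITIVE_PREFIX + "/"):
            continue
        status = int(m["status"])
        hits.append({
            "ts": m["ts"],
            "ip": m["ip"],
            "method": m["method"],
            "raw_path": m["path"],
            "path": path,
            "status": status,
            "served": 200 <= status < 300,  # backend answered: data likely left the box
            "external": not from_loopback(m["ip"]),
        })
    return hits


# Constructed sample lines (not real traffic); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
203.0.113.7 - - [21/May/2025:10:00:01 +0000] "GET /portalapi/v1/login HTTP/1.1" 200 512 "-" "curl/8.0" 1 "portal@file" "http://127.0.0.1:9000" 12ms
203.0.113.7 - - [21/May/2025:10:00:02 +0000] "GET /actuator/heapdump HTTP/1.1" 200 7340032 "-" "curl/8.0" 2 "portal@file" "http://127.0.0.1:9000" 950ms
203.0.113.7 - - [21/May/2025:10:00:03 +0000] "GET /portalapi/../actuator/httptrace HTTP/1.1" 200 2048 "-" "curl/8.0" 3 "portal@file" "http://127.0.0.1:9000" 30ms
203.0.113.9 - - [21/May/2025:10:00:04 +0000] "GET /%61ctuator/env HTTP/1.1" 403 0 "-" "python-requests/2.31" 4 "portal@file" "http://127.0.0.1:9000" 1ms
127.0.0.1 - - [21/May/2025:10:00:05 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "kube-probe/1.29" 5 "internal@file" "http://127.0.0.1:9000" 2ms
"""

if __name__ == "__main__":
    for h in find_actuator_hits(SAMPLE_LOG.splitlines()):
        flag = "ALERT" if h["external"] and h["served"] else "info"
        print(f'{flag:5} {h["ts"]} {h["ip"]:>12} {h["status"]} {h["raw_path"]} -> {h["path"]}')
```

Run it over the real access log with `find_actuator_hits(open(path))`. The point of matching on the canonical path rather than the raw string is that the proxy and the backend may disagree about what a path means; the log records what the proxy saw, so a review that only greps for the literal string `/actuator/` misses the variants this CWE class is about. Health-check probes from loopback will show up as `info` and can be filtered by source.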

Exploit

Fix

Weakness Enumeration

CWE-287 Improper Authentication
CWE-288 Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2025-06722
CVE-2025-34026

Affected Products

Traefik
Versa Concerto SD-WAN