PT-2025-22441 · Traefik · Versa Concerto SD-WAN
Harsh Jaiswal and 3 others
Published 2025-05-21 · Updated 2026-03-05
CVE-2025-34027
CVSS v4.0: 10.0 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Versa Concerto versions 12.1.2 through 12.2.0
Description
The Versa Concerto SD-WAN orchestration platform contains a flaw in its Traefik reverse proxy configuration that lets an unauthenticated attacker bypass authentication and reach administrative endpoints. With that access, the Spack upload endpoint can be abused through a time-of-check to time-of-use (TOCTOU) write race: the uploaded content reaches disk before validation has completed, and winning that race allows remote code execution (RCE) through path loading manipulation. Chained together, the two issues give a remote actor RCE without any credentials. The issue is actively exploited.
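The upload half of the chain, as an added example that is not code from this advisory, from Versa or from Traefik: a Go upload handler that writes first and validates afterwards (the TOCTOU write pattern the description names) beside one that validates before anything reaches the final path. The bundle magic prefix `SPACK1`, the function names and the `raceWith` hook that models the concurrent consumer are assumptions for illustration; the real Spack validation logic is not described on this page.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Assumption for this example: a valid bundle starts with this magic prefix.
// The real Spack format check is not known from the advisory.
var bundleMagic = []byte("SPACK1")

var (
	ErrBadName    = errors.New("upload name escapes the upload directory")
	ErrBadContent = errors.New("upload is not a valid bundle")
)

// containedPath joins name onto root and rejects absolute names and any
// result that resolves outside root (directory traversal).
func containedPath(root, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrBadName
	}
	dst := filepath.Join(root, name)
	rel, err := filepath.Rel(root, dst)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadName
	}
	return dst, nil
}

// saveUploadVulnerable is the TOCTOU write: attacker-supplied bytes land at
// the final path first and are checked afterwards, so a consumer reading dst
// in between sees unvalidated content. The name is joined without containment,
// so "../x" escapes root as well. raceWith stands in for the concurrent
// consumer so the window is observable; pass nil to skip it.
func saveUploadVulnerable(root, name string, data []byte, raceWith func(dst string)) (string, error) {
	dst := filepath.Join(root, name)
	if err := os.WriteFile(dst, data, 0o644); err != nil {
		return "", err
	}
	if raceWith != nil {
		raceWith(dst) // the window between use and check
	}
	if !bytes.HasPrefix(data, bundleMagic) {
		os.Remove(dst)
		return "", ErrBadContent
	}
	return dst, nil
}

// saveUploadSafe closes the window: validate name and content before any
// write, stage the bytes in a temp file inside root, then rename into place
// atomically, so dst never holds anything that was not already validated.
func saveUploadSafe(root, name string, data []byte) (string, error) {
	dst, err := containedPath(root, name)
	if err != nil {
		return "", err
	}
	if !bytes.HasPrefix(data, bundleMagic) {
		return "", ErrBadContent
	}
	tmp, err := os.CreateTemp(root, ".upload-*")
	if err != nil {
		return "", err
	}
	tmpName := tmp.Name()
	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		os.Remove(tmpName)
		return "", err
	}
	if err := tmp.Close(); err != nil {
		os.Remove(tmpName)
		return "", err
	}
	if err := os.Rename(tmpName, dst); err != nil {
		os.Remove(tmpName)
		return "", err
	}
	return dst, nil
}

func main() {
	root, err := os.MkdirTemp("", "uploads-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	bad := []byte("not a bundle") // constructed invalid upload
	seen := false
	_, err = saveUploadVulnerable(root, "evil.bin", bad, func(dst string) {
		_, statErr := os.Stat(dst)
		seen = statErr == nil
	})
	fmt.Println("vulnerable: unvalidated file visible during window:", seen, "err:", err)
	_, err = saveUploadSafe(root, "evil.bin", bad)
	fmt.Println("safe: rejected before any write, err:", err)
	_, err = saveUploadSafe(root, "../escape.bin", append([]byte("SPACK1"), bad...))
	fmt.Println("safe: traversal name rejected, err:", err)
}
```

The only difference that matters in the vulnerable handler is ordering: write, then check. The hook makes the window visible in one thread; in the real race the consumer is a separate process reading the path concurrently, and removing the file afterwards does not help if it was already loaded. The safe version additionally confines the client-supplied name to the upload directory, which any upload handler needs regardless of what is later loaded from that path.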
Recommendations
Installations running versions 12.1.2 through 12.2.0 should be updated to a release in which the vendor has addressed this vulnerability. Because the chain is reachable without credentials and is being exploited, exposure of the Concerto management interface to untrusted networks should be limited until the update is applied.
Exploit
Fix
RCE
Improper Authentication
Time Of Check To Time Of Use
Race Condition
Affected Products
Traefik
Versa Concerto Sd-Wan