CVE-2025-34025

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

CVSS

No CVSS.

References

Link	Resource
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

Configurations

No configuration.

History

22 May 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) La plataforma de orquestación SD-WAN Versa Concerto es vulnerable a una vulnerabilidad de escalada de privilegios y escape de contenedor causada por el montaje predeterminado inseguro de rutas binarias del host, lo que permite que el contenedor modifique dichas rutas. El escape puede usarse para activar la ejecución remota de código o el acceso directo al host, según la configuración del sistema operativo del host. Se sabe que este problema afecta a Concerto desde la versión 12.1.2 hasta la 12.2.0. Otras versiones podrían ser vulnerables.
References	~~() https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce -~~	() https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce -

21 May 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 23:15

Updated : 2025-05-23 15:55

NVD link : CVE-2025-34025

Mitre link : CVE-2025-34025

CVE.ORG link : CVE-2025-34025

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2025-34025", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-21T23:15:54.827", "references": [{"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce", "source": "disclosure@vulncheck.com"}, {"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."}, {"lang": "es", "value": "La plataforma de orquestaci\u00f3n SD-WAN Versa Concerto es vulnerable a una vulnerabilidad de escalada de privilegios y escape de contenedor causada por el montaje predeterminado inseguro de rutas binarias del host, lo que permite que el contenedor modifique dichas rutas. El escape puede usarse para activar la ejecuci\u00f3n remota de c\u00f3digo o el acceso directo al host, seg\u00fan la configuraci\u00f3n del sistema operativo del host. Se sabe que este problema afecta a Concerto desde la versi\u00f3n 12.1.2 hasta la 12.2.0. Otras versiones podr\u00edan ser vulnerables."}], "lastModified": "2025-05-23T15:55:02.040", "sourceIdentifier": "disclosure@vulncheck.com"}