Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed. Versa Concerto is the centralized management and orchestration platform for Versa Networks' SD-WAN and SASE (Secure Access Service Edge) solutions. It is used by large enterprises managing complex WAN environments, telecom operators providing managed SD-WAN/SASE services to customers, government agencies that need secure, policy-driven network segmentation, and managed security service providers that handle multi-tenant deployments. ProjectDiscovery researched the product and discovered the following flaws: CVE-2025-34027 (critical severity score 10/10): a URL decoding inconsistency all ... Read full article.