Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Three severe zero-day vulnerabilities in Versa Concerto, Patch Immediately!
Image
Published : 26/05/2025
- Last update: 26/05/2025
- Affected software: Versa Concerto
- Type:
→ Remote code execution (RCE)
→ Privilege escalation- CVE/CVSS:
→ CVE-2025-34027: CVSS-B 10.0 CRITICAL (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L)
→ CVE-2025-34026: CVSS-B 9.2 CRITICAL (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N)
→ CVE-2025-34025: CVSS-B 8.6 HIGH (CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L)
Sources
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html
https://www.bleepingcomputer.com/news/security/unpatched-critical-bugs-in-versa-concerto-lead-to-auth-bypass-rce/
Risks
Three severe vulnerabilities were found in Versa Concerto, which, when chained together, can lead to the full compromise of the application as well as the underlying host system.
Versa Concerto is a widely used network security and SD-WAN orchestration platform to manage deployment within organisations.
Description
A threat actor could first exploit an authentication bypass vulnerability in order to find services vulnerable to arbitrary file writes. Then, the threat actor could create a race condition to achieve remote code execution.
Next, the threat actor can leverage a misconfiguration in the container to gain execution on the host machine.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Versa Networks stated to specialised media like Hacker News and Bleeping Computer that the issues were addressed in Concerto version 12.2.1 GA released on 16 April 2025.
Mitigation measures exist to reduce the risk posed by authentication bypass vulnerabilities:
- Implement a rule to block any incoming requests that contain a semicolon (;) in the URL path
- Configure the reverse proxy or web-application firewall to drop any requests where the Connection header contains the value X-Real-IP (case insensitive).
Please note that these measures are temporary, i.e. they can be used to reduce the risk of exploitation until official patches are implemented.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html
https://www.bleepingcomputer.com/news/security/unpatched-critical-bugs-in-versa-concerto-lead-to-auth-bypass-rce/