CVE-2025-34027 PoC — Versa Concerto SD-WAN 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34027.yaml

Associated Vulnerability

Title:Versa Concerto SD-WAN 安全漏洞 (CVE-2025-34027)
Description:Versa Concerto SD-WAN是Versa公司的一个易于使用的用户界面，用于配置和监控安全 SD-WAN 中的 Versa OS设备。 Versa Concerto SD-WAN 12.1.2至12.2.0版本存在安全漏洞，该漏洞源于Traefik反向代理配置中的身份验证绕过，可能导致远程代码执行。

Description

Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources.

File Snapshot


 id: CVE-2025-34027

info:
  name: Versa Concerto API Path Based - Authentication Bypass
  author: ia

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!