Versa Networks' centralized management and orchestration platform Versa Concerto has been impacted by a trio of serious vulnerabilities, which could be leveraged for authentication evasion and arbitrary code execution, according to BleepingComputer.
Most significant of the bugs is the maximum severity URL decoding inconsistency issue, tracked as CVE-2025-34027, which could facilitate unauthorized file upload endpoint access and remote code execution, a report from vulnerability management firm ProjectDiscovery showed. On the other hand, potential exploitation of the critical CVE-2025-34026 and high-severity CVE-2025-34025 flaws could allow credential and session token theft and total host breaches, respectively. While ProjectDiscovery researchers noted the lack of patches for the flaws, Versa Networks said that all of the issues have been remediated as part of an update completed in early March that became publicly available in mid-April. "There is no indication that these vulnerabilities were exploited in the wild, and no customer impact has been reported. All affected customers were notified through established security and support channels with guidance on how to apply the recommended updates," said a Versa Networks spokesperson.
Most significant of the bugs is the maximum severity URL decoding inconsistency issue, tracked as CVE-2025-34027, which could facilitate unauthorized file upload endpoint access and remote code execution, a report from vulnerability management firm ProjectDiscovery showed. On the other hand, potential exploitation of the critical CVE-2025-34026 and high-severity CVE-2025-34025 flaws could allow credential and session token theft and total host breaches, respectively. While ProjectDiscovery researchers noted the lack of patches for the flaws, Versa Networks said that all of the issues have been remediated as part of an update completed in early March that became publicly available in mid-April. "There is no indication that these vulnerabilities were exploited in the wild, and no customer impact has been reported. All affected customers were notified through established security and support channels with guidance on how to apply the recommended updates," said a Versa Networks spokesperson.
