Detections
Analytics

Versa Concerto 11.4.x < 12.1.2 Authentication Bypass

critical Web App Scanning Plugin ID 115121

Language:

Synopsis

Versa Concerto 11.4.x < 12.1.2 Authentication Bypass

Description

Versa Concerto version 11.4.x prior to 12.1.2 is affected by an authentication bypass vulnerability. An unauthenticated remote attacker can exploit this vulnerability to gain unauthorized access to the internal Actuator endpoint.

Solution

Upgrade to Versa Concerto version 12.1.2 or later.

See Also

https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce

Plugin Details

Severity: Critical

ID: 115121

Type: remote

Published: 1/28/2026

Updated: 1/28/2026

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2025-34026

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS Score Source: CVE-2025-34026

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N

CVSS Score Source: CVE-2025-34026

Vulnerability Information

CPE: cpe:2.3:a:versa-networks:concerto:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2025

Vulnerability Publication Date: 5/20/2025

CISA Known Exploited Vulnerability Due Dates: 2/12/2026

Reference Information

CVE: CVE-2025-34026