CVE-2025-34025

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
21/05/2025
Last modified:
23/05/2025

Description

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.