Security researchers have uncovered a trio of severe zero-day vulnerabilities in Versa Concerto, a network management tool used by some of the world’s largest telecom giants. The flaws are so critical that one earned a perfect 10.0 severity score, creating a risk of complete system takeover. Although Versa Networks has issued patches, confusion over their release and the slow pace of updates leave critical infrastructure exposed to potential silent sabotage by sophisticated attackers.
A Small Number of Systems with Massive Risk
While the number of internet-exposed Versa Concerto instances was small, impacting only a few dozen organizations, the nature of these organizations raises the stakes significantly. The affected companies were not small businesses but major telecommunication providers who form the backbone of global communication.
Researchers from ProjectDiscovery found that many of these exposed systems had privileged connections to Versa Director servers. This means an attacker wouldn’t just compromise one system; they could gain access to the central control hub for a vast software-defined network.
Making matters worse, some of these systems stored plaintext passwords for critical internal resources like Active Directory. This level of exposure provides a direct and easy path for an attacker to move deeper into a telco’s network.
The Trio of Critical Flaws Explained
The three vulnerabilities work together to create a perfect storm for a cyberattack. An attacker could use one bug to get in the door and another to take over the entire house, creating a clear runway for exploitation.
Each flaw presented a unique path for attackers:
- CVE-2025-34025: This bug involved a misconfiguration in a Docker container, allowing an attacker to escalate their privileges and escape the container to compromise the host system.
- CVE-2025-34026: A critical authentication bypass flaw, this vulnerability let attackers access sensitive and protected areas of the Concerto tool without needing valid credentials.
- CVE-2025-34027: The most severe of the three, this flaw involved a complex chain of exploits that resulted in remote code execution, giving an attacker complete control. It is rare for a vulnerability to receive a perfect 10.0 CVSS score, highlighting its extreme danger.
The synergy between these bugs is what makes them so frightening. An attacker could use the authentication bypass (CVE-2025-34026) to gain initial access and then deploy the remote code execution exploit (CVE-2025-34027) to achieve a full system takeover.
Patch Released but Communication Faltered
Versa Networks responded to the discovery by releasing a hotfix on March 7 and a fully patched version on April 16. However, the process was marred by a communication breakdown between the company and the security researchers.
ProjectDiscovery initially reported that no patch was available, a claim that was later proven incorrect. This misstep, occurring sometime between April and May, likely caused confusion among Versa customers, who may have believed they were still vulnerable when a fix was already available.
Versa has since clarified that all affected customers were notified through their standard support channels. The responsibility now lies with the telecom operators to apply these critical updates to their systems.
The Race to Patch a High-Value Target
Versa Networks is a major player in the networking and SASE (Secure Access Service Edge) market, making it an attractive target for threat actors. This is not the first time the company’s products have been targeted. In 2023, the Chinese state-sponsored group Volt Typhoon exploited a different flaw in a Versa product to infiltrate sensitive networks.
Despite the availability of patches, the risk is far from over. Telecom networks are notoriously difficult to update due to the high cost of downtime. Security teams often delay patches until a threat is imminent, but in this case, the danger is already present.
The table below summarizes the severity and potential impact of each vulnerability.
| CVE ID | Severity | CVSS Score | Attack Type | Potential Impact |
|---|---|---|---|---|
| CVE-2025-34025 | High | 8.6 | Privilege Escalation | Host system compromise |
| CVE-2025-34026 | Critical | 9.2 | Authentication Bypass | Access to credentials & tokens |
| CVE-2025-34027 | Critical | 10.0 | Remote Code Execution | Full system takeover |
While Versa states that “many customers have already upgraded,” the key question is how many have not. So far, there have been no confirmed reports of these vulnerabilities being exploited in the wild. However, given the high value of the targets, it may only be a matter of time before an attacker decides to try.
