admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2025/34xxx/CVE-2025-34025.json
CVE Team d365b4fb74
"-Synchronized-Data."
2025-05-21 23:00:35 +00:00

89 lines
2.8 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-34025",
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Versa",
"product": {
"product_data": [
{
"product_name": "Concerto",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "12.1.2",
"version_value": "12.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce",
"refsource": "MISC",
"name": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "ProjectDiscovery"
},
{
"lang": "en",
"value": "Harsh Jaiswal"
},
{
"lang": "en",
"value": "Rahul Maini"
},
{
"lang": "en",
"value": "Parth Malhotra"
}
]
}
Reference in New Issue View Git Blame Copy Permalink