CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
- Jan 23
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
Key Findings:
CISA added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities affect Synacor Zimbra Collaboration Suite, the Versa Concerto SD-WAN orchestration platform, Vite Vitejs, and the eslint-config-prettier npm package.
CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to apply the necessary fixes by February 12, 2026, to secure their networks against active threats.
Background
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
Synacor Zimbra Collaboration Suite Vulnerability
CVE-2025-68645 (CVSS score: 8.8)
A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a remote attacker, without any authentication, to send crafted requests to the "/h/rest" endpoint and include arbitrary files from the WebRoot directory.
Fixed in November 2025 with version 10.1.13.
Versa Concerto SD-WAN Vulnerability
CVE-2025-34026 (CVSS score: 9.2)
An authentication bypass in the Versa Concerto SD-WAN orchestration platform that could allow an attacker to access administrative endpoints.
Fixed in April 2025 with version 12.2.1 GA.
Vite Vitejs Vulnerability
CVE-2025-31125 (CVSS score: 5.3)
An improper access control vulnerability in Vite Vitejs that could allow contents of arbitrary files to be returned to the browser using ?inline&import or ?raw?import.
Fixed in March 2025 with versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
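Because the Vite fix shipped on five release lines at once, a plain "is it at least 4.5.11" comparison gives the wrong answer for versions such as 6.1.5 or 5.3.2. The JavaScript below is an added example, not code from CISA, the Vite project or the cited sources: it checks a version against the fixed releases listed above and scans a package-lock.json `packages` map, with a constructed sample lockfile, and its handling of release lines that are not listed is a labelled assumption.

```javascript
// Added example (not from the article): branch-aware check for CVE-2025-31125.
// Fixed Vite releases as listed in the article, newest release line first.
const FIXED = ["6.2.4", "6.1.3", "6.0.13", "5.4.16", "4.5.11"].map(parse);

function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`not a plain semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: Boolean(m[4]) };
}

const cmp = (a, b) => a.major - b.major || a.minor - b.minor || a.patch - b.patch;

// True when `version` is at or above the fix that applies to its release line.
function isViteFixed(version) {
  const v = parse(version);
  // Prefer the fix on the same major.minor line; otherwise fall back to the
  // newest listed fix in the same major (assumption: unlisted lines got no backport).
  const ref = FIXED.find(f => f.major === v.major && f.minor === v.minor)
           || FIXED.find(f => f.major === v.major);
  // Assumption: majors newer than every listed fix include it; older majors never got it.
  if (!ref) return v.major > FIXED[0].major;
  const c = cmp(v, ref);
  return c > 0 || (c === 0 && !v.pre); // a prerelease of the fix version sorts before it
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// return every installed copy of vite, nested ones included, that is not fixed.
function findUnfixedVite(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => /(^|\/)node_modules\/vite$/.test(path) && meta.version)
    .filter(([, meta]) => !isViteFixed(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile fragment; package names other than vite are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/vite": { version: "6.1.5" },
    "node_modules/docs-tool/node_modules/vite": { version: "5.3.2" },
    "node_modules/legacy-kit/node_modules/vite": { version: "4.5.10" },
    "node_modules/vite-plugin-demo": { version: "1.0.0" },
  },
};

console.log(findUnfixedVite(SAMPLE_LOCK));
```

Nested copies matter because a transitive dependency can pin an older Vite even when the top-level one is patched.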
eslint-config-prettier Supply Chain Attack
CVE-2025-54313 (CVSS score: 7.5)
An embedded malicious code vulnerability in eslint-config-prettier that could allow for execution of a malicious DLL dubbed Scavenger Loader that's designed to deliver an information stealer.
The vulnerability is part of a broader supply chain attack targeting eslint-config-prettier and six other npm packages.
According to CrowdSec, exploitation efforts targeting CVE-2025-68645 have been ongoing since January 14, 2026. There are currently no details on how the other vulnerabilities are being exploited in the wild.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by February 12, 2026, to secure their networks against active threats.
Sources
https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html
https://securityaffairs.com/187241/security/u-s-cisa-adds-prettier-eslint-config-prettier-vite-vitejs-versa-concerto-sd-wan-orchestration-platform-and-synacor-zimbra-collaboration-suite-flaws-to-its-known-exploited-vulnerabilities-catal.html
https://www.cypro.se/2026/01/23/cisa-updates-kev-catalog-with-four-actively-exploited-software-vulnerabilities/
https://www.reddit.com/r/SecOpsDaily/comments/1qkupo7/cisa_updates_kev_catalog_with_four_actively/
https://x.com/TheHackersNews/status/2014721783879107026
https://darknetsearch.com/knowledge/news/en/cisa-known-exploited-vulnerabilities-4-urgent-risks/