


Perceptive Security
SOC/SIEM Consultancy

CISA confirms active exploitation of four enterprise software bugs
Published: 23 January 2026 at 18:47:31
Alert date: 23 January 2026 at 19:01:17
Source: bleepingcomputer.com
Enterprise Applications, Supply Chain & Dependencies, Web Technologies
CISA warned of active exploitation of four vulnerabilities in enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. These vulnerabilities are being actively exploited in the wild and have been added to CISA's Known Exploited Vulnerabilities catalog. Organizations using these enterprise software solutions are at immediate risk and should apply patches or mitigations urgently. The exploitation affects multiple enterprise environments across different software categories including networking, email, and development tools.
Technical details
Four vulnerabilities are being actively exploited:
1) CVE-2025-31125 - High-severity improper access control in the Vite frontend tooling framework, allowing exposure of non-allowed files when the server is exposed to the network.
2) CVE-2025-34026 - Critical authentication bypass in Versa Concerto SD-WAN, caused by a Traefik reverse proxy misconfiguration that allows access to administrative endpoints, including the internal Actuator endpoint exposing heap dumps and trace logs.
3) CVE-2025-54313 - High-severity supply-chain compromise affecting the eslint-config-prettier package, where hijacked versions contained a malicious install.js script launching a node-gyp.dll payload on Windows to steal npm authentication tokens.
4) CVE-2025-68645 - Local file inclusion vulnerability in the Zimbra Collaboration Suite Webmail Classic UI, caused by improper handling of user-supplied parameters in the RestFilter servlet, allowing unauthenticated attackers to exploit the /h/rest endpoint to include arbitrary files from the WebRoot directory.
Mitigation steps:
Federal agencies bound by BOD 22-01 directive must apply available security updates or vendor-suggested mitigations, or stop using the products by February 12, 2026. Update Vite to patched versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, or 4.5.11. Apply fixes for Versa Concerto (confirmed fixed March 7, 2025). Remove malicious eslint-config-prettier package versions and reinstall clean versions. Apply security updates for Zimbra Collaboration Suite to address local file inclusion vulnerability.
Affected products:
Vite frontend tooling framework (versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11 contain patches)
Versa Concerto SD-WAN orchestration platform (versions 12.1.2 through 12.2.0)
eslint-config-prettier package (malicious versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7)
Prettier code formatter
Zimbra Collaboration Suite 10.0 and 10.1 Webmail Classic UI
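The version checks from the mitigation steps and affected-products list above, as an added example that is not part of the original alert: it scans a parsed package-lock.json for the hijacked eslint-config-prettier releases and for Vite versions older than the patched release on their line. The function names, the sample lockfile and the per-line reading of the Vite patch list are assumptions.

```javascript
// Hijacked eslint-config-prettier releases, as listed in the advisory above.
const HIJACKED = new Set(['8.10.1', '9.1.1', '10.1.6', '10.1.7']);
// Patched Vite releases from the advisory. Assumption (not stated on the page):
// 6.x is fixed per minor line; 5.x and 4.x each have the one fixed release listed.
const VITE_PATCHED = ['6.2.4', '6.1.3', '6.0.13', '5.4.16', '4.5.11'];
const parse = (v) => String(v).split('-')[0].split('.').map(Number);
const lessThan = (a, b) => {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
};
// True only on release lines the advisory names (3.x and 6.3+ are not assessed).
function viteNeedsUpdate(version) {
  const [maj, min] = parse(version);
  const fix = VITE_PATCHED.find((p) => {
    const [pm, pn] = parse(p);
    return pm === maj && (maj !== 6 || pn === min);
  });
  return fix !== undefined && lessThan(version, fix);
}
// Yield [name, version, location] from the flat "packages" map (lockfile v2/v3)
// or, when that map is absent, the nested "dependencies" tree (lockfile v1).
function* entries(lock) {
  for (const [path, meta] of Object.entries(lock.packages || {}))
    if (path && meta.version) yield [meta.name || path.split('node_modules/').pop(), meta.version, path];
  function* walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      yield [name, meta.version, `${trail} > ${name}`];
      yield* walk(meta.dependencies, `${trail} > ${name}`);
    }
  }
  if (!lock.packages) yield* walk(lock.dependencies, 'root');
}
function audit(lock) {
  const findings = [];
  for (const [name, version, where] of entries(lock)) {
    const issue = name === 'eslint-config-prettier' && HIJACKED.has(version) ? 'hijacked release (CVE-2025-54313)'
      : name === 'vite' && viteNeedsUpdate(version) ? 'older than patched release (CVE-2025-31125)' : null;
    if (issue) findings.push({ name, version, where, issue });
  }
  return findings;
}
// Constructed sample lockfile (v3 layout), not taken from a real project.
const sampleLock = { packages: {
  'node_modules/vite': { version: '6.2.3' },
  'node_modules/eslint-config-prettier': { version: '10.1.7' },
  'node_modules/tool/node_modules/eslint-config-prettier': { version: '9.1.0' },
} };
console.log(audit(sampleLock));
```

To audit a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `audit`. A clean lockfile does not show whether a hijacked version was installed earlier, so the install.js and node-gyp.dll indicators still need a separate check.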
Related links:
http://www.cisa.gov/news-events/alerts/2026/01/22/cisa-adds-four-known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/cve-2025-31125
https://nvd.nist.gov/vuln/detail/CVE-2025-34026
https://www.bleepingcomputer.com/news/security/unpatched-critical-bugs-in-versa-concerto-lead-to-auth-bypass-rce/
https://nvd.nist.gov/vuln/detail/CVE-2025-54313
https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/
https://nvd.nist.gov/vuln/detail/CVE-2025-68645
IOC's:
install.js script, node-gyp.dll payload, /h/rest endpoint exploitation, eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7
This article was created with the assistance of AI technology by Perceptive.
