CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

Published:

23 January 2026 at 15:24:00

Alert date:

23 January 2026 at 18:06:58

Source:

thehackernews.com

Web Technologies, Enterprise Applications, Supply Chain & Dependencies, Zero-Day Vulnerabilities

CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities include CVE-2025-68645, a PHP remote file inclusion flaw in Synacor Zimbra Collaboration Suite with a CVSS score of 8.8. Inclusion in the catalog means there is evidence of active exploitation in the wild. Organizations using affected products should prioritize patching these vulnerabilities.

Technical details

CISA added four actively exploited vulnerabilities to its KEV catalog:

CVE-2025-68645 is a PHP remote file inclusion vulnerability in Zimbra that allows unauthenticated access to arbitrary files via the '/h/rest' endpoint.
CVE-2025-34026 is an authentication bypass in the Versa Concerto SD-WAN platform that allows access to administrative endpoints.
CVE-2025-31125 is an improper access control vulnerability in Vite that allows arbitrary file contents to be returned using specific query parameters.
CVE-2025-54313 involves malicious code in eslint-config-prettier that executes the Scavenger Loader DLL to deliver information stealers. It was part of a supply chain attack targeting npm package maintainers through credential harvesting.

Mitigation steps:

Federal Civilian Executive Branch (FCEB) agencies must apply the necessary fixes by February 12, 2026, per Binding Operational Directive (BOD) 22-01. Update affected products to their fixed versions: Zimbra to version 10.1.13, Versa Concerto to version 12.2.1 GA, and Vite to the appropriate fixed version (6.2.4, 6.1.3, 6.0.13, 5.4.16, or 4.5.11). Check installed npm packages for malicious versions. Monitor for exploitation attempts targeting the identified vulnerabilities and endpoints.

Affected products:

Synacor Zimbra Collaboration Suite (ZCS) - fixed in version 10.1.13
Versa Concerto SD-WAN orchestration platform - fixed in version 12.2.1 GA
Vite Vitejs - fixed in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11
eslint-config-prettier npm package
eslint-plugin-prettier npm package
synckit npm package
@pkgr/core npm package
napi-postinstall npm package
got-fetch npm package
is npm package

IOC's:

Scavenger Loader DLL
Malicious versions of npm packages: eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, got-fetch, is
Exploitation of /h/rest endpoint in Zimbra
Use of ?inline&import or ?raw?import parameters in Vite
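
For the monitoring step under "Mitigation steps", the following Python script applies the two request-level indicators listed above to web access logs. It is an added example, not code from the advisory or from any vendor; the common/combined log format, the label names and the sample log lines are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Indicators quoted from the advisory's IOC list; all other names are illustrative.
VITE_QUERY_MARKERS = ("?inline&import", "?raw?import")
ZIMBRA_ENDPOINT = "/h/rest"
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def decode_target(target, rounds=3):
    """Percent-decode until stable so encoded forms compare equal to plain ones."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(line):
    """Return the indicator labels matched by one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = decode_target(match.group("target"))
    labels = []
    if any(marker in target for marker in VITE_QUERY_MARKERS):
        labels.append("vite-query-marker")
    # Compare on a normalised path so /h//rest/ and /h/rest are treated alike.
    path = posixpath.normpath(re.sub(r"/+", "/", target.split("?", 1)[0]))
    if path == ZIMBRA_ENDPOINT or path.startswith(ZIMBRA_ENDPOINT + "/"):
        labels.append("zimbra-h-rest")  # triage lead, not proof of exploitation
    return labels

def scan(lines):
    """Return (line_number, labels) for every line that matched an indicator."""
    results = ((n, classify(line)) for n, line in enumerate(lines, start=1))
    return [(n, labels) for n, labels in results if labels]

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jan/2026:10:00:05 +0000] "GET /src/app.css?inline&import HTTP/1.1" 200 88',
    '198.51.100.7 - - [23/Jan/2026:10:00:06 +0000] "GET /src/app.css%3Fraw%3Fimport HTTP/1.1" 200 88',
    '203.0.113.4 - - [23/Jan/2026:10:01:00 +0000] "GET /h/rest HTTP/1.1" 200 1024',
    '192.0.2.10 - - [23/Jan/2026:10:02:00 +0000] "GET /h/restaurant HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit on the Zimbra label only means the endpoint was requested; correlate it with the server's patch level and the source address before escalating.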

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.