Key Takeaways
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
- The vulnerabilities include a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite, an authentication bypass in the Versa Concerto SD-WAN orchestration platform, an improper access control vulnerability in Vite Vitejs, and an embedded malicious code vulnerability in eslint-config-prettier.
- The vulnerabilities have CVSS scores ranging from 5.3 to 9.2, indicating a high level of severity.
- Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by February 12, 2026, to secure their networks against active threats.
Introduction to the Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities includes a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite, an authentication bypass in the Versa Concerto SD-WAN orchestration platform, an improper access control vulnerability in Vite Vitejs, and an embedded malicious code vulnerability in eslint-config-prettier. These vulnerabilities have been assigned CVSS scores ranging from 5.3 to 9.2, indicating a high level of severity.
Details of the Vulnerabilities
The first vulnerability, CVE-2025-68645, is a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a remote attacker to craft requests to the "/h/rest" endpoint and include arbitrary files from the WebRoot directory without any authentication. This vulnerability was fixed in November 2025 with version 10.1.13. The second vulnerability, CVE-2025-34026, is an authentication bypass in the Versa Concerto SD-WAN orchestration platform that could allow an attacker to access administrative endpoints. This vulnerability was fixed in April 2025 with version 12.2.1 GA. The third vulnerability, CVE-2025-31125, is an improper access control vulnerability in Vite Vitejs that could allow the contents of arbitrary files to be returned to the browser using?inline&import or?raw?import. This vulnerability was fixed in March 2025 with versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
The Supply Chain Attack
The fourth vulnerability, CVE-2025-54313, is an embedded malicious code vulnerability in eslint-config-prettier that could allow for the execution of a malicious DLL dubbed Scavenger Loader, which is designed to deliver an information stealer. This vulnerability refers to a supply chain attack targeting eslint-config-prettier and six other npm packages, including eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, got-fetch, and is. The attack came to light in July 2025, when the package maintainers were targeted with phishing campaigns that harvested their credentials under the pretext of verifying their email address as part of regular account maintenance. This allowed the threat actors to publish trojanized versions of the packages.
Exploitation Efforts
According to CrowdSec, exploitation efforts targeting CVE-2025-68645 have been ongoing since January 14, 2026. However, there are currently no details on how the other vulnerabilities are being exploited in the wild. The fact that these vulnerabilities are being actively exploited highlights the importance of patching and securing systems against these threats. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by February 12, 2026, to secure their networks against active threats, pursuant to Binding Operational Directive (BOD) 22-01.
Conclusion and Recommendations
In conclusion, the addition of these four security flaws to the KEV catalog highlights the ongoing threats to cybersecurity and the importance of staying up-to-date with the latest patches and security fixes. It is essential for organizations to prioritize patching and securing their systems against these vulnerabilities to prevent exploitation. By doing so, they can protect their networks and data from potential threats and ensure the continuity of their operations. Additionally, it is crucial for organizations to be aware of the potential for supply chain attacks and to take measures to prevent them, such as verifying the authenticity of software packages and implementing robust security controls. By taking these steps, organizations can reduce the risk of exploitation and protect their assets from cyber threats.
