CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after finding evidence of active exploitation, affecting Vite, Versa Concerto, eslint-config-prettier, and Synacor Zimbra Collaboration Suite. BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV-listed CVEs by set deadlines, and CISA strongly urges all organizations to prioritize timely remediation to reduce exposure. #Zimbra #Vitejs
Keypoints
- CISA added four CVEs to the KEV Catalog due to evidence of active exploitation.
- The newly listed vulnerabilities impact Vite (CVE-2025-31125), Versa Concerto (CVE-2025-34026), eslint-config-prettier (CVE-2025-54313), and Synacor Zimbra ZCS (CVE-2025-68645).
- These types of flaws are common attack vectors and pose significant risks to the federal enterprise.
- BOD 22-01 established the KEV Catalog and requires FCEB agencies to remediate listed vulnerabilities by mandated due dates.
- CISA urges all organizations to prioritize remediation of KEV vulnerabilities and will continue updating the catalog as criteria are met.