U.S. CISA warned that four vulnerabilities in Versa, Zimbra, Vite, and the eslint-config-prettier/Prettier toolchain are being actively exploited and have been added to the agency’s KEV catalog. Agencies must apply fixes or mitigations — or stop using affected products — by February 12, 2026, while details about exploitation activity and any ransomware use remain unknown.
Keypoints
- CISA reports active exploitation of four vulnerabilities impacting Versa, Zimbra, Vite, and eslint-config-prettier.
- CVE-2025-31125 is a high-severity improper access control issue that exposes non-allowed files on exposed dev instances and has been patched in multiple versions.
- CVE-2025-34026 is a critical authentication bypass in Versa Concerto caused by a Traefik reverse proxy misconfiguration, affecting Concerto 12.1.2 through 12.2.0 and fixed after disclosure.
- CVE-2025-54313 stems from a supply-chain compromise of eslint-config-prettier where hijacked npm packages executed a malicious install.js that dropped node-gyp.dll to steal npm tokens.
- CISA added the flaws to its KEV catalog and requires federal agencies to remediate or stop using affected products by February 12, 2026; exploitation details and ransomware links are unknown.