CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, affecting Synacor Zimbra, Versa Concerto SD-WAN, Vite, and eslint-config-prettier. The eslint-config-prettier incident was a supply-chain attack that delivered a malicious DLL called Scavenger Loader, CrowdSec reports exploitation of the Zimbra flaw since January 14, 2026, and FCEB agencies must patch under BOD 22-01 by February 12, 2026. #SynacorZimbra #ScavengerLoader
Keypoints
- CISA added CVE-2025-68645, CVE-2025-34026, CVE-2025-31125, and CVE-2025-54313 to the KEV catalog due to active exploitation.
- CVE-2025-68645 is a PHP remote file inclusion in Synacor Zimbra (CVSS 8.8), fixed in ZCS 10.1.13 (Nov 2025).
- CVE-2025-34026 is an authentication bypass in Versa Concerto SD-WAN (CVSS 9.2), fixed in version 12.2.1 GA (Apr 2025).
- CVE-2025-31125 affects Viteβs access controls allowing arbitrary file contents to be returned to the browser and was fixed across multiple versions in March 2025.
- CVE-2025-54313 stemmed from a July 2025 supply-chain attack on eslint-config-prettier and six npm packages that used phishing to trojanize packages with the Scavenger Loader.
Read More: https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html