CISA warns four enterprise flaws actively exploited across Versa, Zimbra, Vite, and Prettier

TL;DR Summary
CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-31125 and CVE-2025-34026 affecting Versa software (including the Concerto SD-WAN) via dev-exposure and a Traefik misconfiguration, CVE-2025-68645 in Zimbra Webmail Classic UI (local file inclusion), and a supply-chain issue in eslint-config-prettier (CVE-2025-54313) tied to Prettier. Patches or mitigations exist for the affected products; US federal agencies must apply updates or stop using the products by February 12, 2026. The status of ransomware-related exploitation remains unknown.
- CISA confirms active exploitation of four enterprise software bugs (BleepingComputer)
- CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities (The Hacker News)
- Organizations Warned of Exploited Zimbra Collaboration Vulnerability (SecurityWeek)
- CISA Adds 5 Enterprise Software Flaws To KEV Catalog (The Cyber Express)
- I Added CISA KEV to Vulnerability Prioritization and Coverage Jumped +413% (Hackernoon)