CISA Expands KEV with Four Actively Exploited Flaws

CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation: CVE-2025-68645 (PHP remote file inclusion in Synacor Zimbra Collaboration Suite; CVSS 8.8; fixed in v10.1.13), CVE-2025-34026 (authentication bypass in Versa Concerto SD-WAN; CVSS 9.2; fixed in 12.2.1 GA), CVE-2025-31125 (improper access control in Vite; CVSS 5.3; fixed across multiple versions), and CVE-2025-54313 (embedded malicious code in eslint-config-prettier as part of a supply-chain attack with Scavenger Loader; CVSS 7.5; linked to July 2025 phishing campaigns). Exploitation of CVE-2025-68645 has been observed since January 14, 2026; details on the others’ exploitation are not provided. FCEB agencies must patch by February 12, 2026 under BOD 22-01.
- CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities (The Hacker News)
- CISA confirms active exploitation of four enterprise software bugs (BleepingComputer)
- Organizations Warned of Exploited Zimbra Collaboration Vulnerability (SecurityWeek)
- CISA Adds 5 Enterprise Software Flaws To KEV Catalog (The Cyber Express)
- U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform,... (Security Affairs)