Data Security, Vulnerability Management, Patch/Configuration Management

CISA adds Vite, Prettier, Versa, and Zimbra vulnerabilities to KEV catalog

As reported by Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action requires federal agencies to address these security weaknesses by a specific deadline to mitigate potential cyber threats.

The newly cataloged vulnerabilities include an improper access control flaw in Vitejs (CVE-2025-31125), an improper authentication bypass in Versa Concerto SD-WAN (CVE-2025-34026), a supply-chain compromise in eslint-config-prettier (CVE-2025-54313), and a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (CVE-2025-68645). The Vitejs vulnerability could expose non-allowed files, while the Versa Concerto flaw allows access to admin endpoints. The eslint-config-prettier issue involves embedded malicious code executed during installation, and the Zimbra vulnerability could lead to the exposure of sensitive information.

CISA's Binding Operational Directive 22-01 requires federal agencies to remediate these vulnerabilities by February 12, 2026. Private organizations are also strongly encouraged to review the KEV catalog and implement necessary security measures to protect their infrastructure from exploitation.

Source: Security Affairs
