CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

Posted on By CWS

Ravie LakshmananJan 23, 2026Vulnerability / Software program Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added 4 safety flaws to its Identified Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation within the wild.
The listing of vulnerabilities is as follows –

CVE-2025-68645 (CVSS rating: 8.8) – A PHP distant file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that might permit a distant attacker to craft requests to the “/h/relaxation” endpoint and permit inclusion of arbitrary information from the WebRoot listing with none authentication (Mounted in November 2025 with model 10.1.13)
CVE-2025-34026 (CVSS rating: 9.2) – An authentication bypass within the Versa Concerto SD-WAN orchestration platform that might permit an attacker to entry administrative endpoints (Mounted in April 2025 with model 12.2.1 GA)
CVE-2025-31125 (CVSS rating: 5.3) – An improper entry management vulnerability in Vite Vitejs that might permit contents of arbitrary information to be returned to the browser utilizing ?inline&import or ?uncooked?import (Mounted in March 2025 with variations 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11)
CVE-2025-54313 (CVSS rating: 7.5) – An embedded malicious code vulnerability in eslint-config-prettier that might permit for execution of a malicious DLL dubbed Scavenger Loader that is designed to ship an info stealer

It is price noting that CVE-2025-54313 refers to a provide chain assault focusing on eslint-config-prettier and 6 different npm packages, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, got-fetch, and is, that got here to mild in July 2025.
The phishing marketing campaign focused the bundle maintainers with bogus hyperlinks that harvested their credentials beneath the pretext of verifying their e mail handle as a part of common account upkeep, permitting the risk actors to publish trojanized variations.
Based on CrowdSec, exploitation efforts focusing on CVE-2025-68645 have been ongoing since January 14, 2026. There are at present no particulars on how the opposite vulnerabilities are being exploited within the wild.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Government Department (FCEB) companies are required to use the required fixes by February 12, 2026, to safe their networks towards energetic threats.

The Hacker News Tags:, , , , , , ,

Related Posts

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass The Hacker News
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware The Hacker News
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages The Hacker News
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse The Hacker News
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data The Hacker News
Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access The Hacker News