
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of four vulnerabilities affecting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter.
The security issues have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning the agency has evidence that attackers are exploiting them in the wild.
One of the vulnerabilities is CVE-2025-31125, a high-severity improper access control issue in Vite disclosed in March 2025. It can be exploited to expose files that the dev server is configured to deny, but only when the server is explicitly exposed to the network.
The issue affects only exposed dev instances and has been patched in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
Another bug CISA marked as exploited is CVE-2025-34026, a critical-severity authentication bypass in the Versa Concerto SD-WAN orchestration platform disclosed in May 2025. It is caused by a Traefik reverse proxy misconfiguration that allows access to administrative endpoints, including the internal Actuator endpoint, exposing heap dumps and trace logs.
Affected products are Concerto 12.1.2 through 12.2.0, although additional versions may also be impacted.
Researchers at cybersecurity company ProjectDiscovery reported the issues to the vendor on February 13, 2025, and Versa confirmed to BleepingComputer that they had been fixed on March 7, 2025.
The US cybersecurity agency also lists CVE-2025-54313 as leveraged in attacks. It is a high-severity vulnerability resulting from a supply-chain compromise of the eslint-config-prettier package, which resolves conflicts between the ESLint code linter and the Prettier code formatter.
In July 2025, hackers hijacked several popular JavaScript libraries, eslint-config-prettier among them, and published versions on npm that embedded malicious code.
Installing an affected package (versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7) would run a malicious install.js script that launched the node-gyp.dll payload on Windows to steal npm authentication tokens.
CISA also warned that CVE-2025-68645 is being exploited. Disclosed on December 22, 2025, it is a local file inclusion vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite 10.0 and 10.1.
The bug is caused by improper handling of user-supplied parameters in the RestFilter servlet. An unauthenticated attacker can exploit the /h/rest endpoint to include arbitrary files from the WebRoot directory.
CISA now requires all federal agencies bound by the BOD 22-01 directive to apply the available security updates or vendor-suggested mitigations, or to stop using the affected products, by February 12, 2026.
The agency has not shared any details about the exploitation activity, and the status of the flaws' use in ransomware attacks is marked as 'unknown.'

