CISA Confirms Ongoing Exploitation of Four Enterprise Software Vulnerabilities


The Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of four significant vulnerabilities affecting enterprise software. The affected products are Versa's SD-WAN platform, Zimbra Collaboration Suite, the Vite frontend tooling framework, and the eslint-config-prettier package from the Prettier code formatter ecosystem.

Overview of Vulnerabilities

The vulnerabilities have been included in CISA’s Known Exploited Vulnerabilities (KEV) catalog. This indicates that there is clear evidence of exploitation by malicious actors. The vulnerabilities are categorized by their severity levels, affecting numerous software versions widely used in enterprises.

Key Vulnerabilities

  • CVE-2025-31125:
    • Identified as a high-severity improper access control issue.
    • Disclosed in March 2024.
    • Can expose files outside the permitted set when server instances are openly accessible on the network, impacting versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
  • CVE-2025-34026:
    • Classified as a critical-severity authentication bypass in the Versa Concerto SD-WAN orchestration platform.
    • Disclosed in May 2025, caused by a configuration error allowing unauthorized access to administrative endpoints.
    • Affects versions 12.1.2 through 12.2.0, with reporting on February 13, 2025, and confirmation of a fix on March 7, 2025.
  • CVE-2025-54313:
    • A high-severity vulnerability linked to a supply-chain compromise affecting the eslint-config-prettier package.
    • Malicious versions infiltrated JavaScript libraries, leading to unauthorized access to npm authentication tokens.
    • Affected versions include 8.10.1, 9.1.1, 10.1.6, and 10.1.7.
  • CVE-2025-68645:
    • A local file inclusion vulnerability in Zimbra Collaboration Suite’s Webmail Classic UI.
    • Disclosed on December 22, 2025, allowing exposure of arbitrary files from the WebRoot directory via the /h/rest endpoint.

Federal Response and Security Measures

In light of these discoveries, CISA mandates that all federal agencies adhere to the BOD 22-01 directive. This requires applying known security updates or alternate mitigations, or discontinuing use of the affected products by February 12, 2026.

Details of how these vulnerabilities are being exploited have not been disclosed, and whether they have been used in ransomware attacks is not yet known.

As cybersecurity remains a critical concern, embracing strict security measures is essential for organizations. The evolving landscape brings new challenges, urging security teams to enhance their protocols and defenses against potential threats.