CISA Enhances KEV Catalog with Four Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog, introducing four new security flaws. These vulnerabilities are actively exploited, necessitating immediate attention from organizations to safeguard their systems.

CISA Enhances KEV Catalog with New Vulnerabilities

Below are the details of the vulnerabilities added to the KEV catalog:

Vulnerabilities and Their Impacts

  • CVE-2025-68645
    • CVSS Score: 8.8
    • Type: PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS)
    • Impact: Allows remote attackers to make unauthorized requests to the “/h/rest” endpoint, enabling the inclusion of arbitrary files from the WebRoot directory.
    • Fix Released: November 2025 (version 10.1.13)
  • CVE-2025-34026
    • CVSS Score: 9.2
    • Type: Authentication bypass in Versa Concerto SD-WAN orchestration platform
    • Impact: Grants attackers access to administrative endpoints.
    • Fix Released: April 2025 (version 12.2.1 GA)
  • CVE-2025-31125
    • CVSS Score: 5.3
    • Type: Improper access control in Vite (vitejs)
    • Impact: Enables the return of contents from arbitrary files using specific query parameters.
    • Fix Released: March 2025 (multiple versions)
  • CVE-2025-54313
    • CVSS Score: 7.5
    • Type: Embedded malicious code in eslint-config-prettier
    • Impact: Facilitates execution of a DLL known as Scavenger Loader, designed to steal information.
    • Context: Part of a supply chain attack involving several npm packages, revealed in July 2025.

Exploitation Details

There are reports of active exploitation for CVE-2025-68645 starting January 14, 2026. Additional details regarding the exploitation of the other vulnerabilities remain scant.

Mandatory Compliance for Federal Agencies

In accordance with Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to implement necessary fixes by February 12, 2026. This initiative aims to enhance security measures against ongoing threats.

Organizations are urged to review these vulnerabilities and take immediate action to secure their networks effectively.
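The review step above is usually done by matching the KEV feed against an asset inventory and ranking the hits by the BOD 22-01 due date. The following is an added example of that triage, not tooling from CISA or from the article: the KEV sample is constructed in the shape of CISA's published JSON feed (the field names cveID, vendorProject, product, vulnerabilityName and dueDate follow that feed; the four entries are rebuilt from this article, so fields the article does not give, such as dateAdded, are left out), and the inventory, hostnames and versions are hypothetical.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names follow the published feed;
# the entries are rebuilt from the article, so only the due date it states is filled in.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-68645", "vendorProject": "Synacor",
         "product": "Zimbra Collaboration Suite (ZCS)",
         "vulnerabilityName": "PHP remote file inclusion", "dueDate": "2026-02-12"},
        {"cveID": "CVE-2025-34026", "vendorProject": "Versa",
         "product": "Concerto", "vulnerabilityName": "Authentication bypass",
         "dueDate": "2026-02-12"},
        {"cveID": "CVE-2025-31125", "vendorProject": "Vitejs",
         "product": "Vite", "vulnerabilityName": "Improper access control",
         "dueDate": "2026-02-12"},
        {"cveID": "CVE-2025-54313", "vendorProject": "eslint-config-prettier",
         "product": "eslint-config-prettier",
         "vulnerabilityName": "Embedded malicious code", "dueDate": "2026-02-12"},
    ],
})

# Constructed asset inventory (hypothetical hosts) in the loose vendor/product form a CMDB
# export typically uses; note the product strings do not match the KEV entries exactly.
SAMPLE_INVENTORY = [
    {"asset": "mail-01.example.internal", "vendor": "Synacor",
     "product": "Zimbra Collaboration Suite", "version": "10.1.12"},
    {"asset": "build-runner-07", "vendor": "npm",
     "product": "eslint-config-prettier", "version": "unknown"},
    {"asset": "wiki-02", "vendor": "Atlassian", "product": "Confluence", "version": "9.2.0"},
]


def load_kev(text):
    """Parse the KEV feed and index its entries by CVE id."""
    data = json.loads(text)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def _normalise(s):
    """Lower-case and strip punctuation/whitespace so 'Zimbra (ZCS)' and 'zimbra zcs' compare equal."""
    return "".join(ch for ch in s.lower() if ch.isalnum())


def matches(entry, asset):
    """Loose match: one product string must contain the other after normalisation; when the
    product names are not identical the vendor must also agree, to avoid false positives on
    short product names such as 'Vite'."""
    kp, ap = _normalise(entry["product"]), _normalise(asset["product"])
    if not (kp in ap or ap in kp):
        return False
    if kp == ap:
        return True
    return _normalise(entry["vendorProject"]) == _normalise(asset["vendor"])


def days_until_due(entry, today):
    """Days left before the BOD 22-01 due date; negative means the deadline has passed."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def triage(kev_text, inventory, today):
    """Return one row per (asset, CVE) hit, most urgent first. `today` may be a date or ISO string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    kev = load_kev(kev_text)
    rows = []
    for asset in inventory:
        for cve, entry in kev.items():
            if matches(entry, asset):
                left = days_until_due(entry, today)
                rows.append({"asset": asset["asset"], "cve": cve, "product": entry["product"],
                             "version": asset["version"], "days_left": left,
                             "overdue": left < 0})
    rows.sort(key=lambda r: (r["days_left"], r["cve"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2026-02-01"):
        flag = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['asset']:28} {row['cve']}  {row['product']}  [{flag}]")
```

Run against the real feed by replacing `SAMPLE_KEV_JSON` with the downloaded catalog text; the version column is carried through untouched because the article gives fixed versions for only two of the four products, so deciding whether an installed build is actually affected stays a manual step against the vendor advisory.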