According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog has been updated with four dangerous new entries, signalling active weaponisation of flaws in widely used developer tools and enterprise platforms.
Topping the list is Versa Concerto (CVE-2025-34026), an authentication bypass with a CVSS score of 9.2 that lets attackers get past login screens via a misconfiguration in the Traefik reverse proxy, giving access to administrative endpoints, as well as heap dumps and trace logs through the internal Actuator endpoint. Versions 12.1.2 to 12.2.0 are affected.
Also flagged is a malicious code injection in eslint-config-prettier (CVE-2025-54313): specific versions (8.10.1, 9.1.1, 10.1.6, 10.1.7) carry embedded malware that executes an install[.]js file and launches node-gyp[.]dll on Windows. A high-severity Local File Inclusion in Synacor Zimbra Collaboration Suite (CVE-2025-68645) affects the Webmail Classic UI on versions 10.0 and 10.1, allowing unauthenticated remote attackers to include arbitrary files from the WebRoot.
Rounding out the list is an improper access control flaw in Vite (CVE-2025-31125), which enables reading of arbitrary files when the dev server is exposed externally. Federal agencies have a deadline of 12 February 2026 to patch these systems, with private organisations urged to act immediately.