CISA has added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, with evidence of active exploitation in the wild cited by the agency.
The four flaws are CVE-2025-68645 (CVSS 8.8), a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite; CVE-2025-34026 (CVSS 9.2), an authentication bypass in Versa Concerto SD-WAN; CVE-2025-31125 (CVSS 5.3), an improper access control flaw in Vite; and CVE-2025-54313 (CVSS 7.5), an embedded malicious code vulnerability in eslint-config-prettier.
According to CrowdSec, exploitation efforts targeting CVE-2025-68645 have been ongoing since 14 January 2026, while there are currently no details on how the other vulnerabilities are being exploited in the wild. The article notes that CVE-2025-54313 refers to a supply chain attack involving npm packages, and that a phishing campaign harvested credentials tied to maintainers.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by 12 February 2026 to secure their networks against the active threats.