CISA confirms energetic exploitation of 4 enterprise software program bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter.

The security issues have been added to CISA's KEV (Known Exploited Vulnerabilities) catalog, indicating that the agency has evidence that hackers are exploiting them in the wild.

One of the vulnerabilities is CVE-2025-31125, a high-severity improper access control issue in Vite disclosed in March last year that can be exploited to reveal non-allowed files when the server is explicitly exposed to the network.


The issue affects only exposed dev instances and has been patched in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.

Another bug CISA marked as exploited is CVE-2025-34026, a critical-severity authentication bypass in the Versa Concerto SD-WAN orchestration platform disclosed in May 2025. It is caused by a Traefik reverse proxy misconfiguration that allows access to administrative endpoints, including the internal Actuator endpoint, exposing heap dumps and trace logs.


Affected products are Concerto 12.1.2 through 12.2.0, although more versions may also be impacted.

Researchers at cybersecurity company ProjectDiscovery reported the issues to the vendor on February 13, 2025, and Versa confirmed to BleepingComputer that it had fixed them on March 7, 2025.

The US cybersecurity agency also lists CVE-2025-54313 as leveraged in attacks, a high-severity vulnerability due to a supply-chain compromise affecting the eslint-config-prettier package, which resolves conflicts between the ESLint code linter and the Prettier code formatter.

In July last year, hackers hijacked several popular JavaScript libraries, 'eslint-config-prettier' among them, and published versions embedded with malicious code on npm.

Installing an affected package (versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7) would run a malicious install.js script that launched the node-gyp.dll payload on Windows to steal npm authentication tokens.
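As an added example that is not part of the article: a small Node.js script that walks a parsed package-lock.json (both the v1 dependency tree and the v2/v3 packages map) and reports any copy of eslint-config-prettier pinned to one of the four compromised releases listed above, including copies nested under other packages. The sample lockfile and the `shared-preset` package in it are constructed for illustration.

```javascript
// Added example (not from the article): scan a parsed npm package-lock.json for
// the compromised eslint-config-prettier releases; handles v1 tree and v2/v3 map.
const COMPROMISED = {
  // Releases that shipped the malicious install.js (CVE-2025-54313, per the article).
  'eslint-config-prettier': new Set(['8.10.1', '9.1.1', '10.1.6', '10.1.7']),
};

// Record a hit if name@version is on the compromised list.
function check(name, version, path, hits) {
  const bad = COMPROMISED[name];
  if (bad && bad.has(version)) hits.push({ name, version, path });
}

// Return every compromised install as { name, version, path }. Nested copies
// (a transitive dependency pinning its own version) are reported as well,
// which a glance at the top-level dependency list can miss.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project itself
      // Key looks like "node_modules/a/node_modules/@scope/b"; name is the tail.
      const name = entry.name || path.split('node_modules/').pop();
      check(name, entry.version, path, hits);
    }
    return hits;
  }
  const walk = (deps, parent) => { // lockfileVersion 1: nested dependency tree
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${parent}node_modules/${name}`;
      check(name, entry.version, path, hits);
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (v3): a safe top-level copy plus a compromised
// copy nested under a hypothetical shared preset package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/eslint-config-prettier': { version: '10.1.5' },
    'node_modules/shared-preset/node_modules/eslint-config-prettier': { version: '10.1.7' },
  },
};
```

Running `findCompromised(SAMPLE_LOCK)` flags only the nested 10.1.7 copy; a real lockfile can be loaded with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and passed in the same way.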

CISA also warned of CVE-2025-68645 being exploited. The vulnerability was disclosed on December 22, 2025, and is a local file inclusion vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite 10.0 and 10.1.


The bug is caused by improper handling of user-supplied parameters in the RestFilter servlet. An unauthenticated attacker can exploit the /h/rest endpoint to include arbitrary files from the WebRoot directory.

CISA now requires all federal agencies bound by the BOD 22-01 directive to apply available security updates or vendor-provided mitigations, or to stop using the products, by February 12, 2026.

The agency has not shared any details about the exploitation activity, and the status of the flaws' use in ransomware attacks was marked as 'unknown.'
