The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding five significant software flaws within just 18 hours. The newly listed vulnerabilities affect enterprise products from Versa and Zimbra as well as the developer tools Vite and Prettier.
On January 22, CISA incorporated these various vulnerabilities into its catalog and later included a critical flaw in VMware’s vCenter Server. This marked the tenth exploited vulnerability recognized in the catalog for this year.
As is its standard practice, CISA did not disclose the identities of the threat actors involved or the specific methods of exploitation. The agency did, however, note that vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Critical Flaws in Versa, Zimbra, and VMware Software
The vulnerability affecting Versa Concerto, tracked as CVE-2025-34026, carries a severity rating of 9.2. It stems from improper authentication in the SD-WAN orchestration platform’s Traefik reverse proxy configuration. The risk is significant because an attacker could reach sensitive administrative endpoints, including internal actuator endpoints that expose heap dumps and trace logs. The issue affects versions 12.1.2 through 12.2.0, although the National Vulnerability Database (NVD) warns that other versions may also be affected.
Project Discovery originally uncovered this vulnerability, along with two others, last year. In another significant case, CVE-2024-37079, rated 9.8, affects Broadcom’s VMware vCenter Server. This out-of-bounds write/heap overflow vulnerability lies in vCenter’s implementation of the DCERPC protocol. As the NVD describes it, a malicious actor with network access to the vCenter Server could trigger the flaw by sending a specially crafted packet, potentially leading to remote code execution.
The Cyber Express previously highlighted the concerning possibilities posed by CVE-2024-37079 and related vCenter vulnerabilities, noting that the product’s widespread global use increases the likelihood that threat actors will exploit such significant flaws.
Additionally, CVE-2025-68645, rated 8.8, is a Local File Inclusion (LFI) vulnerability in the Classic Webmail UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. The flaw involves improper handling of user-supplied parameters in the RestFilter servlet, allowing an unauthenticated attacker to craft requests to the /h/rest endpoint. Such requests can influence internal request routing and enable the inclusion of arbitrary files from the WebRoot directory, posing a substantial security threat.
Vulnerabilities in Vite and Prettier Code Tools
CVE-2025-54313 is a serious embedded malicious code vulnerability affecting the eslint-config-prettier package, which is associated with the Prettier code formatting tool. The vulnerability originated in a supply chain attack in July. According to the NVD, the malicious code embedded in versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7 runs an install.js file that deploys the node-gyp.dll malware on Windows systems.
Furthermore, CVE-2025-31125 is a medium-to-high severity improper access control issue in Vite, a frontend tooling framework for JavaScript. The vulnerability can expose the contents of restricted files when an application explicitly exposes the Vite development server to the network. The issue is fixed in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
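For teams checking their own JavaScript projects against the two developer-tool entries above, the following added example (not code from the article, CISA, or either project) scans an npm package-lock.json for the eslint-config-prettier releases listed for CVE-2025-54313 and for Vite copies older than the patched releases listed for CVE-2025-31125. The package names and version lists come from the article; the lockfile contents, the lockfile-walking logic, and the rule of measuring an unlisted Vite minor line against the newest patched release of the same major are assumptions made for this example.

```javascript
// eslint-config-prettier releases the article names as carrying embedded malicious code.
const COMPROMISED_PRETTIER_CONFIG = new Set(["8.10.1", "9.1.1", "10.1.6", "10.1.7"]);
// Patched Vite releases from the article, keyed by major.minor line.
const VITE_FIXED = { "6.2": "6.2.4", "6.1": "6.1.3", "6.0": "6.0.13", "5.4": "5.4.16", "4.5": "4.5.11" };

// Compare dotted numeric versions; returns -1, 0 or 1. Pre-release suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Patched release an installed Vite version is compared against, or null when the
// major line has no patched release at all (left to manual review by the caller).
function viteBaseline(version) {
  const [major, minor] = version.split(".");
  if (VITE_FIXED[`${major}.${minor}`]) return VITE_FIXED[`${major}.${minor}`];
  // Assumption: minor lines without a backport are measured against the newest fix of that major.
  const sameMajor = Object.values(VITE_FIXED).filter((v) => v.split(".")[0] === major);
  return sameMajor.length ? sameMajor.sort(cmpVersion).pop() : null;
}

// Walk the lockfile v2/v3 "packages" map; keys look like "node_modules/vite" or, for
// nested copies, "node_modules/some-tool/node_modules/vite". The "" key is the root project.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path || !meta || !meta.version) continue;
    const name = path.split("node_modules/").pop();
    if (name === "eslint-config-prettier" && COMPROMISED_PRETTIER_CONFIG.has(meta.version)) {
      findings.push({ path, name, version: meta.version, issue: "CVE-2025-54313: compromised release, remove and reinstall a clean version" });
    } else if (name === "vite") {
      const baseline = viteBaseline(meta.version);
      if (baseline === null) findings.push({ path, name, version: meta.version, issue: "CVE-2025-31125: no patched release for this major, review manually" });
      else if (cmpVersion(meta.version, baseline) < 0) findings.push({ path, name, version: meta.version, issue: `CVE-2025-31125: upgrade to ${baseline}` });
    }
  }
  return findings;
}

// Constructed sample lockfile: one compromised formatter config, one patched Vite, one stale nested Vite.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/eslint-config-prettier": { version: "10.1.6" },
  "node_modules/vite": { version: "6.2.4" },
  "node_modules/legacy-tool/node_modules/vite": { version: "5.3.2" },
} };
console.log(scanLockfile(SAMPLE_LOCK));
```

In a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; nested copies matter because a transitive dependency can pin its own vulnerable Vite or a compromised eslint-config-prettier even when the top-level one is clean.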