New Vulnerabilities Added to CISA’s Catalog

The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog by incorporating four critical vulnerabilities that could pose serious risks to various software environments. Here’s a closer look at each vulnerability and the potential implications for users and organizations.

CVE-2025-31125: A Weakness in Vite

The first entry is CVE-2025-31125, which has been identified in Vite, a popular front-end tooling framework for JavaScript. As indicated in a security update shared on Vite’s GitHub repository in March 2025, this vulnerability grants attackers the ability to read arbitrary files. The issue primarily affects applications that expose the Vite developer server to external networks. The specific versions impacted by this vulnerability are:

• Vite versions 6.2.0 through 6.2.4
• Vite versions 6.1.0 through 6.1.3

Organizations using these specific versions should take immediate steps to mitigate exposure.

CVE-2025-34026: Vulnerability in Versa Concerto

Next up is CVE-2025-34026, which affects the SD-WAN orchestration platform Versa Concerto. This vulnerability pertains to versions 12.1.2 through 12.2.0 and was first reported in May 2025, with further updates in November. The flaw stems from an authentication bypass in the Traefik reverse proxy configuration, presenting a potential route for attackers to gain access to administrative endpoints.

Open-source cybersecurity group Project Discovery has conducted comprehensive research on the Versa Concerto platform and has characterized several vulnerabilities that pose substantial security threats. A blog post from Project Discovery highlights various vulnerabilities, including authentication bypasses and remote code execution risks, underscoring the urgency for enterprises utilizing this technology to address these issues swiftly.

CVE-2025-68645: Zimbra Collaboration Concerns

CVE-2025-68645 uncovers a local file inclusion vulnerability found in the Webmail Classic UI of Zimbra Collaboration, versions 10.0 and 10.1. According to the CVE listing, this flaw allows unauthenticated remote attackers to craft specific requests to the /h/rest endpoint. Consequently, this capability enables the inclusion of arbitrary files from the WebRoot directory, raising concerns for Zimbra users regarding unauthorized access to sensitive data.

CVE-2025-54313: Supply Chain Compromise

Lastly, CVE-2025-54313 signifies a supply chain compromise found in eslint-config-prettier, affecting versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7. While this vulnerability was registered in August 2025, it first gained attention in July. Application security firm Socket outlined in a July 19, 2025 blog post how a suspicious activity report on the eslint-config-prettier repository revealed that four new versions were released without any corresponding commits or PRs on GitHub. This discovery led maintainers to uncover malicious code within these new versions, which included a Windows-specific payload that aimed to load node-gyp.dll via rundll32.

Immediate Action Required

With these vulnerabilities now part of CISA’s catalog, it is crucial for developers and organizations utilizing these software products to take proactive measures. Regularly updating software, conducting vulnerability assessments, and adopting robust security practices can help mitigate the risks associated with these newly disclosed vulnerabilities. As the threat landscape continues to evolve, staying informed and prepared is key to maintaining cybersecurity integrity.