
CISA Confirms Active Exploitation of Four Critical Enterprise Software Flaws

CISA has confirmed active exploitation of four critical vulnerabilities in widely used enterprise software, urging immediate action from federal agencies and organizations worldwide. These flaws, now added to the agency's Known Exploited Vulnerabilities (KEV) catalog, affect products from Versa, Zimbra, Vite, and Prettier, with evidence of real-world attacks underway. As cyber threats escalate in 2026, this development highlights the urgent need for swift patching to safeguard networks.

The first vulnerability, CVE-2025-31125, is a high-severity improper access control issue in the Vite frontend tooling framework. It allows attackers to read files outside the allowed set when the dev server is exposed to the network, so it primarily affects development instances. Patched in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11, this flaw underscores the risk of running misconfigured dev environments in production-like setups.

CVE-2025-34026 is a critical authentication bypass in the Versa Concerto SD-WAN orchestration platform, versions 12.1.2 through 12.2.0. Stemming from a Traefik reverse proxy misconfiguration, it grants unauthorized access to admin endpoints, including sensitive heap dumps and trace logs. Discovered by ProjectDiscovery in February 2025 and fixed by March, it exposes enterprises relying on SD-WAN to potential data leaks and deeper intrusions.

A supply-chain attack targeted the eslint-config-prettier package via CVE-2025-54313, compromising npm versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7. Malicious install scripts deployed node-gyp.dll payloads on Windows to steal npm tokens, affecting developers who use ESLint and Prettier for code formatting. This incident shows the growing danger of dependency hijacking in open-source ecosystems.
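A defender-side check for the Vite and eslint-config-prettier versions named above, as an added example that is not code from the post or from either project. It assumes an npm package-lock.json in the lockfileVersion 2/3 "packages" layout, and treats a Vite release line with no fix listed in the post as needing manual review rather than judging it.

```javascript
// Added example, not code from the original post: audit an npm package-lock.json
// ("packages" layout, lockfileVersion 2/3) for Vite builds older than the
// CVE-2025-31125 fixes and for the CVE-2025-54313 eslint-config-prettier releases.
// First fixed Vite release per affected line (keyed major.minor) and the compromised
// eslint-config-prettier versions, both as listed in the post.
const VITE_FIXED = { '4.5': '4.5.11', '5.4': '5.4.16', '6.0': '6.0.13', '6.1': '6.1.3', '6.2': '6.2.4' };
const PRETTIER_CONFIG_COMPROMISED = new Set(['8.10.1', '9.1.1', '10.1.6', '10.1.7']);
// Minimal "major.minor.patch" comparison; pre-release suffixes are ignored.
const parseVersion = (v) => v.replace(/^[^\d]*/, '').split('-')[0].split('.').map(Number);
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  return 0;
}
// Walk every installed copy (nested node_modules included) and collect findings.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // skips the root "" entry
    const name = path.slice(idx + 'node_modules/'.length);
    if (name === 'vite') {
      const [major, minor] = parseVersion(meta.version);
      const fixed = VITE_FIXED[`${major}.${minor}`];
      if (!fixed) {
        // Assumption: a line with no listed fix is flagged for manual review, not judged.
        findings.push({ path, version: meta.version, status: 'unlisted-line' });
      } else if (compareVersions(meta.version, fixed) < 0) {
        findings.push({ path, version: meta.version, status: 'vulnerable', fixed });
      }
    } else if (name === 'eslint-config-prettier' && PRETTIER_CONFIG_COMPROMISED.has(meta.version)) {
      findings.push({ path, version: meta.version, status: 'compromised' });
    }
  }
  return findings;
}
// Constructed sample lockfile: one vulnerable Vite, one patched nested copy,
// one compromised eslint-config-prettier, and one unrelated package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/vite': { version: '6.2.3', dev: true },
    'node_modules/some-tool/node_modules/vite': { version: '5.4.16', dev: true },
    'node_modules/eslint-config-prettier': { version: '10.1.6', dev: true },
    'node_modules/prettier': { version: '3.0.0', dev: true },
  },
};
```

Run `auditLockfile(SAMPLE_LOCK)` to see the two findings; on a real project, load your own package-lock.json with `JSON.parse(fs.readFileSync(...))` and pass it in.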

Finally, CVE-2025-68645 is a local file inclusion flaw in the Webmail Classic UI of Zimbra Collaboration Suite 10.0 and 10.1. Unauthenticated attackers exploit the /h/rest endpoint, because of poor parameter handling in the RestFilter servlet, to read arbitrary files under the WebRoot. CISA mandates that federal agencies patch by February 12, 2026, or discontinue use, emphasizing proactive vulnerability management even though any link to ransomware campaigns remains unknown.