CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog Including Vite and Zimbra Flaws


CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild, affecting widely deployed development tools, email infrastructure, and enterprise networking products.

The newly catalogued vulnerabilities impact Vite, Versa Concerto, eslint-config-prettier, and Synacor Zimbra Collaboration Suite. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate these flaws by the mandated deadlines.

Vulnerabilities Added

CVE-2025-31125 — Vite Improper Access Control

Vite, the popular frontend build tool with millions of weekly npm downloads, contains an improper access control vulnerability that attackers are actively exploiting. The flaw affects the Vite development server and could allow unauthorized access to sensitive files.

CVE-2025-34026 — Versa Concerto Improper Authentication

Versa Concerto, an enterprise SD-WAN orchestration platform, contains an authentication bypass vulnerability. Successful exploitation could allow attackers to gain unauthorized access to network management infrastructure.

CVE-2025-54313 — eslint-config-prettier Embedded Malicious Code

In a supply chain compromise, the eslint-config-prettier package was found to contain embedded malicious code. The package is a widely used ESLint configuration that JavaScript developers install to disable formatting rules; the compromised versions could execute unauthorized code in development environments.

CVE-2025-68645 — Zimbra Collaboration Suite PHP Remote File Inclusion

Synacor Zimbra Collaboration Suite, a widely deployed enterprise email and collaboration platform, contains a PHP remote file inclusion vulnerability. Zimbra has been a frequent target for threat actors, with multiple previous vulnerabilities appearing in the KEV catalog.

Remediation Required

While BOD 22-01 mandates remediation only for federal agencies, CISA strongly urges all organizations to prioritize patching KEV-listed vulnerabilities as part of their vulnerability management programs.

Organizations running affected products should apply available patches immediately or implement vendor-recommended mitigations.
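To act on that guidance, the following added example (not code from CISA or from the original article) shows how a vulnerability-management script can cross-reference an asset inventory against the KEV catalog's JSON feed. The feed excerpt uses the field names of CISA's published feed but is constructed here with placeholder due dates, and the inventory hosts are constructed as well.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (field names follow the
# published feed). CVE IDs and products are the four from the article; the
# due dates are placeholders for the example, not CISA's actual deadlines.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-31125", "vendorProject": "Vite", "product": "Vite",
     "dueDate": "2026-01-10"},
    {"cveID": "CVE-2025-34026", "vendorProject": "Versa", "product": "Concerto",
     "dueDate": "2026-01-10"},
    {"cveID": "CVE-2025-54313", "vendorProject": "eslint-config-prettier",
     "product": "eslint-config-prettier", "dueDate": "2026-01-10"},
    {"cveID": "CVE-2025-68645", "vendorProject": "Synacor",
     "product": "Zimbra Collaboration Suite", "dueDate": "2026-01-01"},
]})

# Constructed asset inventory: host plus the product name as tracked internally.
INVENTORY = [
    {"host": "mail01.example.internal", "product": "zimbra collaboration suite"},
    {"host": "build07.example.internal", "product": "vite"},
    {"host": "web02.example.internal", "product": "nginx"},
]


def load_kev(feed_json):
    """Parse the KEV feed JSON and return its list of vulnerability records."""
    return json.loads(feed_json)["vulnerabilities"]


def match_inventory(kev_entries, inventory, today):
    """Cross-reference the inventory against KEV; return findings sorted so
    the entries closest to (or past) their BOD 22-01 due date come first."""
    findings = []
    for entry in kev_entries:
        names = {entry["product"].lower(), entry["vendorProject"].lower()}
        for asset in inventory:
            if asset["product"].lower() in names:
                due = date.fromisoformat(entry["dueDate"])
                days_left = (due - today).days
                findings.append({"cve": entry["cveID"], "host": asset["host"],
                                 "days_left": days_left, "overdue": days_left < 0})
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for f in match_inventory(load_kev(KEV_FEED), INVENTORY, date.today()):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['cve']} on {f['host']}: {status}")
```

In practice the feed would be fetched from CISA and the inventory from a CMDB or SBOM tooling; the matching logic stays the same.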
