CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog Including Vite and Zimbra Flaws


CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild, affecting widely deployed development tools, email infrastructure, and enterprise networking products.

The newly catalogued vulnerabilities impact Vite, Versa Concerto, eslint-config-prettier, and Synacor Zimbra Collaboration Suite. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate these flaws by the mandated deadlines.

Vulnerabilities Added

CVE-2025-31125 — Vite Improper Access Control

Vite, the popular frontend build tool with millions of weekly npm downloads, contains an improper access control vulnerability that attackers are actively exploiting. The flaw affects the Vite development server and could allow unauthorized access to sensitive files.

CVE-2025-34026 — Versa Concerto Improper Authentication

Versa Concerto, an enterprise SD-WAN orchestration platform, contains an authentication bypass vulnerability. Successful exploitation could allow attackers to gain unauthorized access to network management infrastructure.

CVE-2025-54313 — eslint-config-prettier Embedded Malicious Code

In a supply chain compromise, the eslint-config-prettier package was found to contain embedded malicious code. This popular ESLint configuration used by JavaScript developers to disable formatting rules could execute unauthorized code in development environments.

CVE-2025-68645 — Zimbra Collaboration Suite PHP Remote File Inclusion

Synacor Zimbra Collaboration Suite, a widely deployed enterprise email and collaboration platform, contains a PHP remote file inclusion vulnerability. Zimbra has been a frequent target for threat actors, with multiple previous vulnerabilities appearing in the KEV catalog.

Remediation Required

While BOD 22-01 mandates remediation only for federal agencies, CISA strongly urges all organizations to prioritize patching KEV-listed vulnerabilities as part of their vulnerability management programs.

Organizations running affected products should apply available patches immediately or implement vendor-recommended mitigations.
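The catalog is published as a machine-readable JSON feed, so the prioritization CISA describes can be automated rather than done by hand. The script below is an added example (it is not part of the original article and not CISA tooling): it parses a KEV-style feed, cross-references it against a scanner inventory, and orders findings by overdue status and due date. The feed URL, the field names, and the sample feed itself (including every `dateAdded` and `dueDate` value) are assumptions or constructed placeholders; only the four CVE identifiers come from the article. Check the live feed's schema before relying on the field names.

```python
"""Cross-reference a vulnerability inventory against a KEV-style catalog feed.

Added example, not code from the original article or from CISA.
Assumptions (labelled): the feed location KEV_FEED_URL and the JSON field
names below are assumed; SAMPLE_FEED is a constructed offline stand-in whose
dates are placeholders, not the real remediation deadlines.
"""
import json
import urllib.request
from datetime import date

# Assumed feed location; verify against CISA's current publication.
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

# Constructed sample feed. CVE IDs are the four named in the article;
# vendor/product strings and all dates are placeholders.
SAMPLE_FEED = json.dumps({
    "title": "Constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-2025-31125", "vendorProject": "Vite", "product": "Vite",
         "vulnerabilityName": "Vite Improper Access Control",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-34026", "vendorProject": "Versa", "product": "Concerto",
         "vulnerabilityName": "Versa Concerto Improper Authentication",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-25",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-54313", "vendorProject": "eslint-config-prettier",
         "product": "eslint-config-prettier",
         "vulnerabilityName": "eslint-config-prettier Embedded Malicious Code",
         "dateAdded": "2026-01-01", "dueDate": "2026-01-22",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-68645", "vendorProject": "Synacor",
         "product": "Zimbra Collaboration Suite",
         "vulnerabilityName": "Zimbra PHP Remote File Inclusion",
         "dateAdded": "2026-01-01", "dueDate": "2026-02-01",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output: asset name plus one CVE per finding.
# CVE-0000-00000 is an obvious placeholder that is not in the feed.
SAMPLE_INVENTORY = [
    {"asset": "build-agent-01", "cve": "CVE-2025-31125"},
    {"asset": "mail-01", "cve": "CVE-2025-68645"},
    {"asset": "dev-laptop-07", "cve": "cve-2025-54313"},   # lower-case on purpose
    {"asset": "sdwan-orch", "cve": "CVE-2025-34026"},
    {"asset": "web-01", "cve": "CVE-0000-00000"},
]


def fetch_live_feed(url=KEV_FEED_URL, timeout=30):
    """Download the feed text (network access required; not used offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_kev(feed_text):
    """Index feed entries by upper-cased CVE ID for case-insensitive lookup."""
    data = json.loads(feed_text)
    return {entry["cveID"].upper(): entry for entry in data["vulnerabilities"]}


def prioritize(inventory, kev, as_of):
    """Return only KEV-listed findings, overdue ones first, then by due date.

    as_of is an ISO date string (YYYY-MM-DD) so the result is reproducible.
    """
    today = date.fromisoformat(as_of)
    hits = []
    for finding in inventory:
        entry = kev.get(finding["cve"].upper())
        if entry is None:
            continue  # not in the catalog; handled by normal vuln management
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "asset": finding["asset"],
            "cve": entry["cveID"],
            "product": entry["product"],
            "due": due.isoformat(),
            "days_left": (due - today).days,
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    # False sorts before True, so "not overdue" puts overdue items first.
    hits.sort(key=lambda h: (not h["overdue"], h["due"], h["asset"]))
    return hits


def report(hits):
    """Render one line per finding for a ticket or daily digest."""
    lines = []
    for h in hits:
        state = "OVERDUE" if h["overdue"] else f"{h['days_left']}d left"
        lines.append(f"{h['asset']:16} {h['cve']:16} {h['product']:28} "
                     f"due {h['due']} ({state})")
    return lines


if __name__ == "__main__":
    catalog = parse_kev(SAMPLE_FEED)
    for line in report(prioritize(SAMPLE_INVENTORY, catalog, "2026-01-20")):
        print(line)
```

In production, replace `SAMPLE_FEED` with `fetch_live_feed()` and `SAMPLE_INVENTORY` with your scanner's export; the sort order makes overdue KEV items the top of the queue, which is the prioritization the text calls for.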
