CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

By Ravie Lakshmanan | Jan 23, 2026

Filed under: Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

Here are the vulnerabilities that were added:

  • CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite.
  • CVE-2025-34026 (CVSS score: 9.2) – An authentication bypass in the Versa Concerto SD-WAN orchestration platform.
  • CVE-2025-31125 (CVSS score: 5.3) – An improper access control vulnerability in Vite Vitejs.
  • CVE-2025-54313 (CVSS score: 7.5) – An embedded malicious code vulnerability in eslint-config-prettier.

Of particular note is CVE-2025-54313, which was part of a supply chain attack targeting eslint-config-prettier and other npm packages.

According to CrowdSec, exploitation efforts for CVE-2025-68645 have been ongoing since January 14, 2026; no details are available on the exploitation of the other vulnerabilities.

Organizations are urged to apply the necessary fixes by February 12, 2026, to secure their networks against these active threats.