
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of known exploited vulnerabilities (KEVs) with four new entries, a sign that attackers are actively exploiting vulnerabilities in popular development tools and enterprise platforms.
Topping the list in severity is a critical authentication flaw in Versa Concerto (CVE-2025-34026), a popular SD-WAN orchestration platform. This vulnerability, with a CVSS score of 9.2, allows attackers to bypass login screens entirely due to an incorrect configuration of the Traefik reverse proxy.
This effectively hands attackers the keys to the kingdom, since the internal Actuator endpoint can then be reached to obtain heap dumps and trace logs. The vulnerability affects versions 12.1.2 to 12.2.0.
CISA has also issued a warning about embedded malicious code (CVE-2025-54313) in the eslint-config-prettier tool, which millions of developers use for code formatting. The malware has been detected in specific versions (10.1.7, 10.1.6, 9.1.1, and 8.10.1) of this package.
Installing a package may seem trivial, but in this case it conceals the attack: the install.js file, executed during installation, launches the node-gyp.dll malware on Windows systems, turning a routine developer task into a potential security breach.
Additionally, a high severity Local File Inclusion (LFI) vulnerability (CVE-2025-68645) has been discovered in Synacor Zimbra Collaboration Suite (ZCS). The vulnerability, which affects versions 10.0 and 10.1, resides in the Webmail Classic user interface.
“An unauthenticated remote attacker can craft requests… allowing the inclusion of arbitrary files from the WebRoot directory,” the CVE statement reads. With a CVSS score of 8.8, this flaw provides attackers with a window to manipulate internal requests without ever logging in.
Rounding out the list is an improper access control vulnerability (CVE-2025-31125) in Vite, a frontend development tool. Despite a CVSS score under 5.3, it poses a specific risk to development environments exposed to the network.
The flaw allows “arbitrary file content” to be returned to the browser if the development server is configured to be reachable externally. Attackers exploit it with manipulated URL parameters such as “raw&import” to read files the server should not serve.
Federal agencies have been given a strict deadline of February 12, 2026, to fix these systems, but private organizations are urged to act immediately.
