CISA Warns of 4 Actively Exploited Vulnerabilities—Patch Now

---
title: "CISA Warns of 4 Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds 4 critical exploited vulnerabilities"
description: "CISA has added four actively exploited vulnerabilities to its KEV catalog. Learn about the risks, affected systems, and mitigation steps to protect your network."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, known-exploited-vulnerabilities, bod-22-01, cve-2025-31125, cve-2025-34026, cve-2025-54313, cve-2025-68645, cybersecurity]
score: 0.87
cve_ids: [CVE-2025-31125, CVE-2025-34026, CVE-2025-54313, CVE-2025-68645]
---

TL;DR

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. These flaws pose significant risks to federal agencies and organizations worldwide. Immediate patching and mitigation are strongly recommended to prevent potential cyberattacks.

---

Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) on the strength of evidence that they are being exploited in the wild.[^1] Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate each entry by the due date CISA records in the catalog. Other organizations are not bound by the directive, but the catalog is CISA's curated list of what attackers are actually using, which makes it a better prioritization signal than CVSS scores alone.

Key Points

- CISA has added four new vulnerabilities to its KEV Catalog based on evidence of active exploitation.
- Vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to federal and private sector networks.
- BOD 22-01 requires FCEB agencies to remediate each entry by the due date listed for it in the catalog.
- BOD 22-01 binds only federal agencies, but all organizations are advised to treat KEV entries as top-priority patching work.

---

Technical Details

The four vulnerabilities added to the KEV Catalog are:

1. CVE-2025-31125: Vitejs Improper Access Control Vulnerability
- Vite's development server enforces a `server.fs.deny` list (by default covering files such as `.env` and `.env.*`) to stop browser clients from reading files outside the project. This flaw lets a crafted request bypass that check and read arbitrary files from the machine running the dev server. It is reachable only when the dev server listens beyond localhost (for example when started with `--host` or with `server.host` set), which is not the default but is common in shared development and preview environments. Upgrade Vite to a fixed release and do not expose the dev server to untrusted networks; `fs.deny` alone is not a mitigation, since it is the control being bypassed.

2. CVE-2025-34026: Versa Concerto Improper Authentication Vulnerability
- Versa Concerto is the orchestration and management platform for Versa SD-WAN deployments. The flaw allows an unauthenticated attacker to bypass authentication and reach internal endpoints that should be available only to logged-in administrators. Because Concerto manages network infrastructure, a foothold here extends to the devices it orchestrates; apply the vendor fix and keep the management interface off the public internet.

3. CVE-2025-54313: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
- This is not a bug in the package's own code but a supply-chain compromise. In July 2025 an attacker who had phished a maintainer's npm publishing token released eslint-config-prettier 8.10.1, 9.1.1, 10.1.6 and 10.1.7 with an install-time script that executed a malicious payload on Windows hosts. Any machine (developer workstation or CI runner) that installed one of those versions should be treated as compromised: rotate the secrets it could reach and pin to a clean version. Because this is a dev dependency, production vulnerability scanners will not see it; lockfiles and SCA tooling will.

4. CVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
- A remote file inclusion flaw in Zimbra Collaboration Suite: a PHP include path that can be influenced by an attacker lets the server load and execute PHP code of the attacker's choosing. Zimbra servers are internet-facing by design (webmail), and the product has appeared in the KEV catalog repeatedly; apply the Zimbra patch and review web server logs for include requests pointing at unexpected or external locations.
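
The lockfile check suggested for CVE-2025-54313 above, as an added example (not code from the article, from Prettier or from the eslint-config-prettier project). It scans an npm `package-lock.json` for the compromised releases, handling both the flat `packages` map of lockfile versions 2 and 3 and the nested `dependencies` tree of version 1. The `COMPROMISED` map and the sample lockfile are constructed for the example; extend the map with any other packages from the same incident that you track.

```javascript
// Added example for this article, not code from Prettier or the
// eslint-config-prettier project: scan an npm lockfile for the releases of
// eslint-config-prettier that carried the malicious install script
// (CVE-2025-54313).

// Releases pulled after the July 2025 npm-token phishing incident. Extend this
// map with other packages from the same incident that you want to flag.
const COMPROMISED = {
  "eslint-config-prettier": new Set(["8.10.1", "9.1.1", "10.1.6", "10.1.7"]),
};

// Resolve a lockfile install path such as "node_modules/a/node_modules/@s/b"
// to the package it installs ("@s/b"). Paths outside node_modules (workspace
// links) are returned unchanged and will simply not match the map.
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

function record(hits, name, version, path) {
  const bad = COMPROMISED[name];
  if (bad && bad.has(version)) hits.push({ name, version, path });
}

// lockfileVersion 1 nests transitive dependencies; walk the tree recursively.
function walkV1(deps, prefix, hits) {
  for (const [name, entry] of Object.entries(deps)) {
    const path = `${prefix}/${name}`;
    record(hits, name, entry.version, path);
    if (entry.dependencies) walkV1(entry.dependencies, `${path}/node_modules`, hits);
  }
}

// Returns every installed copy of a compromised release, including nested
// duplicates under other packages' node_modules. Lockfile version 2 carries
// both the flat `packages` map and the v1 tree; prefer `packages` so nothing
// is counted twice.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      record(hits, packageNameFromPath(path), entry.version, path);
    }
  } else if (lock.dependencies) {
    walkV1(lock.dependencies, "node_modules", hits);
  }
  return hits;
}

function scanLockfile(file) {
  const fs = require("fs");
  return findCompromised(JSON.parse(fs.readFileSync(file, "utf8")));
}

// Constructed sample lockfile: the root's "^10.1.5" range happily resolved to
// the compromised 10.1.7, while a nested copy under another tool is clean.
// That is why the check must run on resolved versions per install path,
// not on the ranges in package.json.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", devDependencies: { "eslint-config-prettier": "^10.1.5" } },
    "node_modules/eslint-config-prettier": { version: "10.1.7", dev: true },
    "node_modules/prettier": { version: "3.3.3", dev: true },
    "node_modules/legacy-tool/node_modules/eslint-config-prettier": { version: "9.1.0", dev: true },
  },
};

// Usage: node scan-lock.js [path/to/package-lock.json]; without an argument
// the constructed sample is scanned.
if (typeof require !== "undefined" && require.main === module) {
  const hits = process.argv[2] ? scanLockfile(process.argv[2]) : findCompromised(SAMPLE_LOCK);
  for (const h of hits) console.log(`COMPROMISED ${h.name}@${h.version} at ${h.path}`);
  if (hits.length === 0) console.log("no compromised eslint-config-prettier releases found");
}
```

A hit means the version was resolved into the project, not necessarily that the install script ran on the machine you are looking at; correlate with which hosts performed `npm install` while the bad versions were in the lockfile and treat those as the compromised set.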

---

Impact Assessment

These vulnerabilities are particularly dangerous because they are actively being exploited in the wild. Cybercriminals and advanced persistent threat (APT) groups often leverage such flaws to:

- Gain unauthorized access to sensitive data.
- Deploy ransomware or other malicious payloads.
- Establish persistence within compromised networks.
- Exfiltrate confidential information.

Federal agencies are at heightened risk, but any organization using the affected software could become a target. Two of the four flaws (Vite and eslint-config-prettier) sit in developer tooling rather than in production services, so the exposure is on workstations and CI systems that asset inventories and external scans often miss. The inclusion of these vulnerabilities in the KEV Catalog underscores their severity and the need for immediate action.

---

Mitigation Steps

CISA recommends the following steps to mitigate these vulnerabilities:

1. Apply Patches Immediately
- For Vite, Versa Concerto and Zimbra, update to the vendor's fixed release. For eslint-config-prettier there is no patch to install in the usual sense: remove any compromised version from your lockfiles, pin a clean one, and treat hosts that installed a compromised version as compromised (rotate the npm tokens, cloud credentials and SSH keys they held).

2. Follow CISA's Guidelines
- FCEB agencies must remediate each entry by the due date recorded for it in the catalog under BOD 22-01. Private organizations should use the same dates as a benchmark; CISA publishes the catalog as JSON and CSV feeds, so the due dates can be pulled straight into a ticketing or vulnerability-management system rather than tracked by hand.

3. Monitor for Suspicious Activity
- Network IDS and SIEM correlation fit the Versa Concerto and Zimbra flaws, which are exploited over the network against internet-facing services: watch for unauthenticated requests to management endpoints and for include requests or outbound connections from the mail server that do not match its normal behaviour. The two developer-tooling flaws leave their traces elsewhere, in Vite dev server access logs and in endpoint telemetry and CI job logs on machines that ran `npm install`.

4. Conduct Vulnerability Scans
- Regularly scan networks for known vulnerabilities and prioritize remediation based on risk. Tools like CISA's Cyber Hygiene Services can help identify exposed services. Dev dependencies and development servers are usually outside the scope of network scanners, so pair them with software-composition analysis against lockfiles.

5. Educate Employees
- The eslint-config-prettier compromise began with a phishing email that captured a maintainer's publishing token, so phishing awareness protects not only your own users but the supply chain you depend on. Back the training with phishing-resistant MFA on package-registry and source-hosting accounts, where a stolen password or token alone should not be enough to publish.
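
Steps 2 and 4 above come down to one question: which catalog entries apply to what we run, and how long do we have. The following is an added example (not CISA tooling and not code from the article) that cross-checks a software inventory against the KEV catalog JSON and ranks the matches by due date. The field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) are those of CISA's published feed; every record and date in `SAMPLE_KEV`, and the inventory, are constructed samples for the example, not the real catalog entries. KEV records carry no version information, so the match is by name only and each hit still has to be confirmed against the vendor advisory or a scanner.

```javascript
// Added example for this article, not CISA tooling: match an inventory of
// deployed software against the KEV catalog JSON and rank the matches by
// BOD 22-01 due date. Field names follow CISA's published feed; the records
// and dates in SAMPLE_KEV are constructed samples, not the real entries.
const KEV_FEED_URL =
  "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json";

const SAMPLE_KEV = {
  vulnerabilities: [
    { cveID: "CVE-2025-31125", vendorProject: "Vitejs", product: "Vite",
      dateAdded: "2026-01-22", dueDate: "2026-02-12", knownRansomwareCampaignUse: "Unknown" },
    { cveID: "CVE-2025-34026", vendorProject: "Versa", product: "Concerto",
      dateAdded: "2026-01-22", dueDate: "2026-02-12", knownRansomwareCampaignUse: "Unknown" },
    { cveID: "CVE-2025-54313", vendorProject: "Prettier", product: "eslint-config-prettier",
      dateAdded: "2026-01-22", dueDate: "2026-02-12", knownRansomwareCampaignUse: "Unknown" },
    { cveID: "CVE-2025-68645", vendorProject: "Synacor", product: "Zimbra Collaboration Suite (ZCS)",
      dateAdded: "2026-01-22", dueDate: "2026-02-12", knownRansomwareCampaignUse: "Unknown" },
    // Placeholder record (not a real CVE) so the demo shows an overdue item.
    { cveID: "CVE-2025-00000", vendorProject: "ExampleVendor", product: "ExampleProduct",
      dateAdded: "2025-12-01", dueDate: "2025-12-22", knownRansomwareCampaignUse: "Known" },
  ],
};

// Constructed inventory: vendor/product strings as a CMDB might hold them.
const SAMPLE_INVENTORY = [
  "Vite", "Versa Concerto", "eslint-config-prettier", "Zimbra", "ExampleProduct", "Apache Tomcat",
];

// Name matching is deliberately loose (case, spaces and punctuation ignored)
// because KEV and CMDB spellings rarely agree exactly. KEV has no version
// data, so a hit is a candidate to confirm, not a confirmed exposure.
function normalize(s) {
  return String(s).toLowerCase().replace(/[^a-z0-9]/g, "");
}

// Whole days from one ISO date (YYYY-MM-DD) to another; negative if past.
function daysBetween(fromIso, toIso) {
  const ms = Date.parse(`${toIso}T00:00:00Z`) - Date.parse(`${fromIso}T00:00:00Z`);
  return Math.round(ms / 86_400_000);
}

// Returns the matched catalog entries with days remaining, soonest due first.
function triage(kev, inventory, todayIso) {
  const rows = [];
  for (const v of kev.vulnerabilities) {
    const haystack = normalize(`${v.vendorProject} ${v.product}`);
    const asset = inventory.find((item) => {
      const needle = normalize(item);
      return needle.length > 0 && haystack.includes(needle);
    });
    if (!asset) continue;
    const daysLeft = daysBetween(todayIso, v.dueDate);
    rows.push({
      cveID: v.cveID,
      asset,
      product: `${v.vendorProject} ${v.product}`,
      dueDate: v.dueDate,
      daysLeft,
      overdue: daysLeft < 0,
      ransomware: v.knownRansomwareCampaignUse === "Known",
    });
  }
  return rows.sort((a, b) => a.daysLeft - b.daysLeft);
}

// Live feed (Node 18+ provides a global fetch). Not called by the offline demo;
// pass its result to triage() in place of SAMPLE_KEV.
async function loadLiveKev() {
  const res = await fetch(KEV_FEED_URL);
  if (!res.ok) throw new Error(`KEV feed returned HTTP ${res.status}`);
  return res.json();
}

for (const r of triage(SAMPLE_KEV, SAMPLE_INVENTORY, "2026-01-29")) {
  const status = r.overdue ? "OVERDUE" : `${r.daysLeft}d left`;
  const tag = r.ransomware ? "  [ransomware]" : "";
  console.log(`${r.cveID}  ${r.product}  due ${r.dueDate}  ${status}${tag}`);
}
```

The `knownRansomwareCampaignUse` field is worth surfacing in the ranking: CISA sets it to `Known` when the flaw has been used in ransomware operations, which is usually the strongest argument for pulling a patch window forward.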

---

Affected Systems

The following systems and software are affected by the newly added vulnerabilities:

| CVE ID | Vendor / Project | Affected Software | Vulnerability Type |
|----------------|------------------|-------------------------------------------|-------------------------------|
| CVE-2025-31125 | Vitejs | Vite (development server) | Improper Access Control |
| CVE-2025-34026 | Versa | Concerto | Improper Authentication |
| CVE-2025-54313 | Prettier | eslint-config-prettier (npm package) | Embedded Malicious Code |
| CVE-2025-68645 | Synacor | Zimbra Collaboration Suite (ZCS) | PHP Remote File Inclusion |

---

Conclusion

The addition of these four vulnerabilities to CISA’s Known Exploited Vulnerabilities Catalog serves as a critical reminder of the importance of proactive cybersecurity measures. Organizations must prioritize patching these flaws to protect their networks from active threats. While federal agencies are required to act, all businesses and institutions should treat these vulnerabilities as a top priority to mitigate risks and prevent potential breaches.

CISA will continue to update the KEV Catalog as new threats emerge. Staying informed and adopting a risk-based vulnerability management approach is essential for maintaining robust cybersecurity defenses.

---

References

[^1]: CISA. "[CISA Adds Four Known Exploited Vulnerabilities to Catalog](https://www.cisa.gov/news-events/alerts/2026/01/22/cisa-adds-four-known-exploited-vulnerabilities-catalog)". Retrieved 2025-01-24.
[^2]: CVE Program. "[CVE-2025-31125](https://www.cve.org/CVERecord?id=CVE-2025-31125)". Retrieved 2025-01-24.
[^3]: CVE Program. "[CVE-2025-34026](https://www.cve.org/CVERecord?id=CVE-2025-34026)". Retrieved 2025-01-24.
[^4]: CVE Program. "[CVE-2025-54313](https://www.cve.org/CVERecord?id=CVE-2025-54313)". Retrieved 2025-01-24.
[^5]: CVE Program. "[CVE-2025-68645](https://www.cve.org/CVERecord?id=CVE-2025-68645)". Retrieved 2025-01-24.