U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the flaws added to the catalog:
- CVE-2025-31125 (CVSS score of 5.3) Vite Vitejs Improper Access Control Vulnerability
- CVE-2025-34026 (CVSS score of 9.2) Versa Concerto Improper Authentication Vulnerability
- CVE-2025-54313 (CVSS score of 7.5) Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
- CVE-2025-68645 (CVSS score of 8.8) Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
The vulnerability CVE-2025-31125 in the JavaScript frontend framework Vite can expose the contents of non-allowed files via the ?inline&import or ?raw?import parameters. It affects applications that expose the Vite dev server to the network using --host or server.host. The issue is patched in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
The vulnerability CVE-2025-34026 is an authentication bypass in Versa Concerto SD-WAN caused by a Traefik reverse proxy misconfiguration, letting attackers access admin endpoints, heap dumps, and trace logs in versions 12.1.2–12.2.0.
The vulnerability CVE-2025-54313 is a supply-chain compromise affecting eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7. The packages contain embedded malicious code that runs during installation, executing an install.js script that launches the node-gyp.dll malware on Windows systems, potentially allowing arbitrary code execution.
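As an added example (not from the original post, CISA, or either project), the following Python script audits a package-lock.json for the compromised eslint-config-prettier releases and the Vite versions below the patched releases listed above. The lockfile contents are constructed for the demonstration, and the "review" status for Vite minor lines the page lists no fix for is an assumption, not a statement from the advisory.

```python
import json
import re

# Compromised eslint-config-prettier releases named in the CVE-2025-54313 entry
COMPROMISED_ESLINT_CONFIG_PRETTIER = {"8.10.1", "9.1.1", "10.1.6", "10.1.7"}

# First fixed Vite release per minor line for CVE-2025-31125, as listed above
VITE_FIXED = {
    (6, 2): (6, 2, 4), (6, 1): (6, 1, 3), (6, 0): (6, 0, 13),
    (5, 4): (5, 4, 16), (4, 5): (4, 5, 11),
}

def parse_version(text):
    """Return (major, minor, patch) or None for anything that is not x.y.z."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def vite_status(version):
    """Classify a Vite version against the fixed releases listed on the page.
    Anything at or above the newest fix is treated as fixed; a minor line with
    no listed fix is returned as 'review' (assumption: needs manual checking)."""
    v = parse_version(version)
    if v is None:
        return "unparseable"
    if v >= (6, 2, 4):
        return "fixed"
    fixed = VITE_FIXED.get(v[:2])
    if fixed is None:
        return "review"
    return "fixed" if v >= fixed else "vulnerable"

def audit_lockfile(lock_json):
    """Walk the 'packages' map of a lockfileVersion 2/3 package-lock.json
    (keys look like 'node_modules/<name>') and return (name, version, reason)."""
    findings = []
    for path, pkg in json.loads(lock_json).get("packages", {}).items():
        name = pkg.get("name") or path.rsplit("node_modules/", 1)[-1]
        version = pkg.get("version", "")
        if name == "eslint-config-prettier" and version in COMPROMISED_ESLINT_CONFIG_PRETTIER:
            findings.append((name, version, "CVE-2025-54313 compromised release"))
        elif name == "vite" and vite_status(version) in ("vulnerable", "review"):
            # Exposure requires the dev server to be reachable (--host / server.host)
            findings.append((name, version, "CVE-2025-31125 " + vite_status(version)))
    return findings

# Constructed sample lockfile: one compromised plugin, one unpatched and one patched Vite
SAMPLE_LOCK = json.dumps({"name": "example-app", "lockfileVersion": 3, "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/eslint-config-prettier": {"version": "10.1.7"},
    "node_modules/vite": {"version": "6.2.3"},
    "node_modules/some-tool/node_modules/vite": {"version": "5.4.16"},
}})

if __name__ == "__main__":
    for name, version, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version}: {reason}")
```

Run it against a real lockfile by replacing SAMPLE_LOCK with the file contents; a package installed from a compromised release should be removed and the host checked for the install-time payload the page describes.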
The vulnerability CVE-2025-68645 is a Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. Due to improper validation of user-supplied parameters in the RestFilter servlet, an unauthenticated remote attacker can send crafted requests to the /h/rest endpoint to manipulate internal request dispatching and include arbitrary files from the WebRoot directory, potentially exposing sensitive information.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerabilities by February 12, 2026.
Pierluigi Paganini
