CISA added four vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. When a CVE lands in KEV, it means defenders should treat remediation as urgent.

New KEV additions:

  • Vite (CVE-2025-31125): Improper access control; exposed dev servers can leak files.
  • Versa Concerto SD‑WAN (CVE-2025-34026): Critical auth bypass tied to Traefik reverse proxy misconfiguration.
  • Prettier / eslint-config-prettier (CVE-2025-54313): Supply‑chain compromise via malicious npm releases.
  • Zimbra Collaboration Suite (CVE-2025-68645): Local file inclusion in the classic webmail UI.

Why this matters: these bugs span developer tooling, network orchestration, and enterprise collaboration. That mix creates multiple entry points for attackers, which is why KEV should drive prioritization across teams, not just one product owner.

Recommended actions (fastest to risk reduction):

  1) Patch or isolate any internet‑exposed Vite dev servers and Zimbra webmail endpoints.
  2) Validate SD‑WAN management plane hardening and update Versa Concerto promptly.
  3) Audit build pipelines for affected npm packages and rotate any exposed tokens.
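One way to carry out the npm audit in the third action, as an added example (not code from CISA or the affected projects). The denylisted versions are placeholders because this page does not list the affected releases, and the sample lockfile is constructed.

```javascript
// Added example: flag denylisted npm package versions in a parsed package-lock.json.
// The versions below are placeholders, not advisory data: replace them with the
// versions named in the advisory for CVE-2025-54313.
const DENYLIST = new Map([
  ["eslint-config-prettier", ["0.0.0-placeholder.1", "0.0.0-placeholder.2"]],
]);

// Return every denylisted install pinned by a lockfile object.
function findFlagged(lock, denylist = DENYLIST) {
  const hits = [];
  const check = (name, entry, where) => {
    if ((denylist.get(name) || []).includes(entry.version)) {
      hits.push({ name, version: entry.version, where,
                  hasInstallScript: Boolean(entry.hasInstallScript) });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; nested copies have own keys.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "" || entry.link) continue; // root project or workspace symlink
      check(entry.name || path.split("node_modules/").pop(), entry, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, so recurse.
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry, [...trail, name].join(" > "));
        walk(entry.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier":
      { version: "0.0.0-placeholder.1", dev: true, hasInstallScript: true },
    "node_modules/some-plugin/node_modules/eslint-config-prettier":
      { version: "9.9.9-constructed" },
    "node_modules/prettier": { version: "9.9.9-constructed" },
  },
};

console.log(findFlagged(SAMPLE_LOCK));
```

Run it over the `JSON.parse` result of each package-lock.json the pipeline builds from.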

Image credit: Seal of the Cybersecurity and Infrastructure Security Agency (public domain) via Wikimedia Commons — https://commons.wikimedia.org/wiki/File:Seal_of_Cybersecurity_and_Infrastructure_Security_Agency.svg