The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five enterprise software flaws to its Known Exploited Vulnerabilities (KEV) Catalog in an 18-hour span.
On January 22, CISA added vulnerabilities from Versa and Zimbra to the KEV catalog, along with flaws affecting Vite and Prettier developer tools.
Today, CISA added a VMware vCenter Server vulnerability to the KEV catalog, the tenth exploited vulnerability added to the catalog this year.
Per typical practice, CISA didn’t name the threat actors exploiting the vulnerabilities or say how the flaws are being exploited, noting only that “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
None of the vulnerabilities were marked as known to be exploited by ransomware groups.
Versa, Zimbra and VMware Enterprise Software Flaws
The Versa Concerto vulnerability is CVE-2025-34026, a 9.2-severity Improper Authentication vulnerability in the SD-WAN orchestration platform’s Traefik reverse proxy configuration that could allow an attacker to access administrative endpoints, including the internal Actuator endpoint, for access to heap dumps and trace logs. The issue affects Concerto from 12.1.2 through 12.2.0, although the National Vulnerability Database (NVD) notes that “Additional versions may be vulnerable.”
Project Discovery revealed the vulnerability and two others last year.
CVE-2024-37079 is a 9.8-rated Broadcom VMware vCenter Server out-of-bounds write/heap-overflow vulnerability in the implementation of the DCERPC protocol. “A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution,” the NVD entry says.
The Cyber Express noted in a June 2024 article on CVE-2024-37079 and two other vCenter vulnerabilities, “With the global usage of the impacted product and the history of leveraging flaws impacting vCenter, there is strong potential for threat actors to leverage these critical vulnerabilities also.”
CVE-2025-68645 is an 8.8-rated Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 that allows improper handling of user-supplied request parameters in the RestFilter servlet. “An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory,” says the NVD database.
Vite and Prettier Code Tool Vulnerabilities
CVE-2025-54313 is a high-severity embedded malicious code vulnerability affecting the eslint-config-prettier package for the Prettier code formatting tool that stems from a supply chain attack last July. The embedded malicious code in eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 can execute an install.js file that launches the node-gyp.dll malware on Windows, NVD notes.
CVE-2025-31125 is a medium-to-high severity Improper Access Control vulnerability affecting Vite ViteJS, a frontend tooling framework for JavaScript. The vulnerability can expose the content of non-allowed files when apps explicitly expose the Vite dev server to the network. Th vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
