Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

https://firewall.firm.in/wp-content/uploads/2026/01/cisa.jpg

Ravie LakshmananJan 23, 2026Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows –

  • CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a remote attacker to craft requests to the “/h/rest” endpoint and allow inclusion of arbitrary files from the WebRoot directory without any authentication (Fixed in November 2025 with version 10.1.13)
  • CVE-2025-34026 (CVSS score: 9.2) – An authentication bypass in the Versa Concerto SD-WAN orchestration platform that could allow an attacker to access administrative endpoints (Fixed in April 2025 with version 12.2.1 GA)
  • CVE-2025-31125 (CVSS score: 5.3) – An improper access control vulnerability in Vite Vitejs that could allow contents of arbitrary files to be returned to the browser using ?inline&import or ?raw?import (Fixed in March 2025 with versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11)
  • CVE-2025-54313 (CVSS score: 7.5) – An embedded malicious code vulnerability in eslint-config-prettier that could allow for execution of a malicious DLL dubbed Scavenger Loader that’s designed to deliver an information stealer
Cybersecurity

It’s worth noting that CVE-2025-54313 refers to a supply chain attack targeting eslint-config-prettier and six other npm packages, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, got-fetch, and is, that came to light in July 2025.

The phishing campaign targeted the package maintainers with bogus links that harvested their credentials under the pretext of verifying their email address as part of regular account maintenance, allowing the threat actors to publish trojanized versions.

According to CrowdSec, exploitation efforts targeting CVE-2025-68645 have been ongoing since January 14, 2026. There are currently no details on how the other vulnerabilities are being exploited in the wild.

Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by February 12, 2026, to secure their networks against active threats.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Juniper Firewall
Cisco Firewall
Checkpoint Firewall
paloalto Firewall
Fortinet Firewall
Forcepoint Firewall

 

Sophos Firewall
WatchGuard Firewall
Barracuda Firewall
Sonicwall Firewall
GajShield Firewall
Seqrite Firewall

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket

Firewall Firm is a Managed Firewall Security Solution Provider Company in India | Digital Marketing by SEO Company India | Powered by IT Monteur