U.S. Cybersecurity Agency Issues Alert on Critical Software Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that four vulnerabilities are being actively exploited: flaws in enterprise software from Versa and Zimbra, in the Vite frontend tooling framework, and in the eslint-config-prettier npm package that sits between the ESLint linter and the Prettier code formatter.
All four have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which lists only flaws for which the agency has evidence of exploitation in the wild.
The first is CVE-2025-31125, a high-severity improper access control flaw in Vite. It lets a remote client read files that the development server's file-system restrictions (server.fs.deny) are meant to block, but only when the dev server is reachable over the network, for example when it is started with --host or with server.host set, rather than bound to localhost.
Production builds are not affected. The flaw is fixed in Vite 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
The second is CVE-2025-34026, a critical-severity authentication bypass in the Versa Concerto SD-WAN orchestration platform. It stems from a misconfigured Traefik reverse proxy that lets requests reach administrative endpoints, including the internal Spring Boot Actuator endpoint, without authentication.
Through Actuator an attacker can pull heap dumps and trace logs, which routinely contain credentials, tokens and session data. Concerto 12.1.2 through 12.2.0 are confirmed affected; other versions may be as well.
Researchers at ProjectDiscovery reported the flaws to Versa on February 13, 2025, and Versa says fixes were in place by March 7, 2025.
The third is CVE-2025-54313, a high-severity flaw that is not a coding bug but a supply-chain compromise of the eslint-config-prettier package, which exists to turn off ESLint rules that conflict with Prettier.
In July 2025 a set of popular JavaScript packages, eslint-config-prettier among them, were hijacked and malicious versions were published to npm.
Installing the compromised releases, specifically versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7, ran a malicious install.js that loaded a node-gyp.dll payload on Windows hosts, leading to the theft of npm authentication tokens. Because the install script runs at install time, a machine that pulled one of these versions should be treated as compromised even after the package is downgraded.
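The following is an added example, not code from the article, from CISA, or from the Vite or Prettier projects. It scans an npm package-lock.json for the two npm-ecosystem issues above in one pass: the four eslint-config-prettier releases listed as compromised, and any copy of Vite older than the fixed release on the same 4.5, 5.4, 6.0, 6.1 or 6.2 line. It assumes the lockfileVersion 2/3 layout (a flat "packages" map keyed by path) and runs offline on a constructed sample lockfile embedded below.

```javascript
// Added example (not from the article, CISA, Vite or Prettier): scan a
// package-lock.json for compromised eslint-config-prettier releases and
// unpatched Vite versions. Assumes lockfileVersion 2/3 ("packages" map).

// Releases that shipped the malicious install.js (CVE-2025-54313), per the article.
const COMPROMISED_RELEASES = {
  "eslint-config-prettier": new Set(["8.10.1", "9.1.1", "10.1.6", "10.1.7"]),
};

// First fixed release on each Vite line for CVE-2025-31125, per the article.
const VITE_FIXED = ["6.2.4", "6.1.3", "6.0.13", "5.4.16", "4.5.11"];

// "6.2.3" -> [6, 2, 3]; null for anything that is not major.minor.patch.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+]|$)/.exec(version);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric comparison: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// true  -> older than the fix on its major.minor line (unpatched)
// false -> at or above the fix
// null  -> a line the advisory does not list (e.g. 7.x) or an unparsable
//          version; the caller should check such cases by hand, not ignore them
function isVulnerableVite(version) {
  const v = parseVersion(version);
  if (v === null) return null;
  const fixed = VITE_FIXED.map(parseVersion).find((f) => f[0] === v[0] && f[1] === v[1]);
  if (fixed === undefined) return null;
  return compareVersions(v, fixed) < 0;
}

// Package name from a "packages" key, including nested and scoped paths:
// "node_modules/some-plugin/node_modules/@scope/pkg" -> "@scope/pkg".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Walk the "packages" map and return one finding per hit.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = packageNameFromPath(path);
    const version = entry.version;
    const bad = COMPROMISED_RELEASES[name];
    if (bad && bad.has(version)) {
      findings.push({ path, name, version, reason: "CVE-2025-54313: compromised release" });
    }
    if (name === "vite" && isVulnerableVite(version) === true) {
      findings.push({ path, name, version, reason: "CVE-2025-31125: below fixed release" });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from any real project): one hit per CVE,
// plus a nested, already-patched Vite copy that must not be flagged.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier": { version: "10.1.6" },
    "node_modules/vite": { version: "6.2.3" },
    "node_modules/some-plugin/node_modules/vite": { version: "5.4.16" },
    "node_modules/prettier": { version: "3.5.3" },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) {
  console.log(`${f.path} ${f.name}@${f.version}: ${f.reason}`);
}
```

To run it against a real project, parse package-lock.json with JSON.parse and pass the object to scanLockfile. Lockfiles written as lockfileVersion 1 keep a nested "dependencies" tree instead of "packages" and are not handled here. A Vite version on a line the advisory does not list comes back as null rather than false on purpose, so the scan never silently clears a version it has no data for. A hit on a compromised eslint-config-prettier release means the install script already ran wherever that lockfile was installed, so the response is to rotate npm tokens and investigate those hosts, not just to bump the version.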
The fourth is CVE-2025-68645, disclosed on December 22, 2025: a local file inclusion vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite 10.0 and 10.1.
It arises from inadequate handling of user-supplied parameters in the RestFilter servlet, which lets an unauthenticated attacker use the /h/rest endpoint to include arbitrary files from the WebRoot directory.
Under Binding Operational Directive (BOD) 22-01, federal civilian agencies must apply the available updates or vendor mitigations by February 12, 2026, or stop using the affected products.

CISA has not shared details of the exploitation activity, and the KEV entries list whether the flaws are being used in ransomware campaigns as "unknown."
Source link: Bleepingcomputer.com.