The US Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild.
The exploited flaws include CVE-2025-68645, a critical remote file inclusion vulnerability affecting Synacor’s Zimbra Collaboration Suite that allows unauthenticated attackers to include arbitrary files via the “/h/rest” endpoint. The issue was fixed in version 10.1.13 released in November 2025.
The second vulnerability is CVE-2025-34026, a critical authentication bypass in the Versa Concerto SD-WAN orchestration platform that could grant access to administrative endpoints; it was resolved in April 2025 with version 12.2.1 GA.
The third, CVE-2025-31125, is an improper access control issue in the Vite (vitejs) frontend build tool that allows attackers to retrieve arbitrary file contents through crafted import parameters. The flaw was fixed across multiple release branches in March 2025.
Another KEV entry, CVE-2025-54313, involves embedded malicious code (backdoor) in eslint-config-prettier that can lead to execution of a malicious DLL known as Scavenger Loader, designed to deploy an information stealer.
The list also includes CVE-2024-37079, a critical heap overflow in the DCE/RPC protocol implementation used by VMware vCenter Server that allows remote code execution via specially crafted network packets.
Broadcom fixed the flaw in June 2024 alongside CVE-2024-37080, and later confirmed in-the-wild exploitation, although details about the attack vectors, threat actors, or scale remain unknown. Researchers noted the issues are part of a broader set of four DCE/RPC vulnerabilities, with the remaining two, CVE-2024-38812 and CVE-2024-38813, fully patched in October 2024.