The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating these flaws are being actively exploited in the wild.
Newly Added Vulnerabilities
CVE-2024-37079 — Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
A critical out-of-bounds write vulnerability affecting VMware vCenter Server. This flaw could allow attackers to execute arbitrary code on affected systems, posing significant risks to virtualized infrastructure environments.
CVE-2025-68645 — Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
A remote file inclusion vulnerability in Zimbra Collaboration Suite's PHP implementation. Exploitation could enable attackers to include malicious remote files, potentially leading to remote code execution on vulnerable email servers.
CVE-2025-34026 — Versa Concerto Improper Authentication Vulnerability
An improper authentication vulnerability in Versa Concerto. This flaw could allow unauthorized access to systems due to insufficient authentication controls.
CVE-2025-31125 — Vite Vitejs Improper Access Control Vulnerability
An improper access control vulnerability affecting Vite, a popular frontend build tool. This flaw could allow attackers to bypass intended access restrictions.
CVE-2025-54313 — Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
A supply chain vulnerability involving embedded malicious code in the eslint-config-prettier package. This type of vulnerability highlights ongoing risks in software supply chains and package dependencies.
Recommended Actions
Organizations using affected products should prioritize patching these vulnerabilities immediately. CISA's KEV catalog serves as an authoritative source of vulnerabilities known to be exploited, and federal agencies are required to remediate these flaws within specified timeframes under Binding Operational Directive 22-01.
Review vendor advisories for specific remediation guidance and apply available patches or mitigations as soon as possible.
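To turn the catalog entries above into a patch worklist, the following added example (not code from CISA or from this article) joins scanner findings against KEV records and ranks them by days left to the remediation due date. It assumes records in the shape of the KEV JSON feed (cveID, product, dueDate); the dueDate values, host names and findings are constructed placeholders, and kev_worklist is a hypothetical helper name.

```python
import json
from datetime import date

# Constructed excerpt shaped like the KEV JSON feed. CVE IDs are the five from
# the article; every dueDate is a placeholder, not the date CISA assigned.
KEV_FEED = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2024-37079", "product": "VMware vCenter Server", "dueDate": "2000-01-22"},
  {"cveID": "CVE-2025-68645", "product": "Zimbra Collaboration Suite", "dueDate": "2000-01-22"},
  {"cveID": "CVE-2025-34026", "product": "Versa Concerto", "dueDate": "2000-01-22"},
  {"cveID": "CVE-2025-31125", "product": "Vite", "dueDate": "2000-01-22"},
  {"cveID": "CVE-2025-54313", "product": "eslint-config-prettier", "dueDate": "2000-01-22"}
]}""")

# Constructed scanner/SBOM findings; the last CVE ID is a placeholder not in KEV.
FINDINGS = [
    {"host": "vcsa01.example.internal", "cve": "CVE-2024-37079"},
    {"host": "mail01.example.internal", "cve": "cve-2025-68645 "},
    {"host": "mail02.example.internal", "cve": "CVE-2025-68645"},
    {"host": "build07.example.internal", "cve": "CVE-2025-54313"},
    {"host": "build07.example.internal", "cve": "CVE-0000-00000"},
]

def normalize(cve_id):
    """Scanner exports vary in case and padding; KEV uses upper-case IDs."""
    return cve_id.strip().upper()

def kev_worklist(feed, findings, today):
    """Return KEV-listed findings grouped by CVE, most urgent first."""
    kev = {normalize(v["cveID"]): v for v in feed["vulnerabilities"]}
    hosts_by_cve = {}
    for f in findings:
        cve = normalize(f["cve"])
        if cve in kev:  # findings outside KEV follow the normal patch cycle
            hosts_by_cve.setdefault(cve, set()).add(f["host"])
    work = []
    for cve, hosts in hosts_by_cve.items():
        due = date.fromisoformat(kev[cve]["dueDate"])
        work.append({"cve": cve, "product": kev[cve]["product"],
                     "hosts": sorted(hosts), "due": due.isoformat(),
                     "days_left": (due - today).days})  # negative means overdue
    return sorted(work, key=lambda w: (w["days_left"], w["cve"]))

if __name__ == "__main__":
    for item in kev_worklist(KEV_FEED, FINDINGS, date(2000, 1, 15)):
        state = "OVERDUE" if item["days_left"] < 0 else "due"
        print(f'{item["cve"]} {item["product"]}: {state} {item["due"]} '
              f'({item["days_left"]}d) on {", ".join(item["hosts"])}')
```
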