CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 (CVSS score: 8.8) - A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a
AI Analysis
Technical Summary
On January 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities with evidence of active exploitation to its Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2025-68645 (CVSS 8.8): a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS). Unauthenticated remote attackers can craft requests to the "/h/rest" endpoint to include arbitrary files from the WebRoot directory, which can lead to remote code execution. Fixed in version 10.1.13, released in November 2025. Exploitation has been ongoing since mid-January 2026.
- CVE-2025-34026 (CVSS 9.2): an authentication bypass in the Versa Concerto SD-WAN orchestration platform that lets attackers reach administrative endpoints without credentials. Fixed in version 12.2.1 GA.
- CVE-2025-31125 (CVSS 5.3): an improper access control issue in Vite (Vitejs) that can leak arbitrary file contents to browsers. Fixed in multiple versions in March 2025.
- CVE-2025-54313 (CVSS 7.5): a supply chain attack on eslint-config-prettier and six other npm packages. Attackers phished maintainers, then published trojanized versions embedding a malicious DLL called Scavenger Loader that is designed to steal information.
Details on exploitation of the three vulnerabilities other than CVE-2025-68645 remain limited. The affected software spans collaboration suites, SD-WAN orchestration, JavaScript tooling, and the npm package ecosystem. U.S. Federal Civilian Executive Branch agencies must remediate these by February 12, 2026, which underlines the urgency. The supply chain attack highlights the risks in open-source package management and in developer account security.
The combination of remote code execution, authentication bypass, and supply chain compromise is a multifaceted threat that requires coordinated defense.
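The fixed versions and the KEV due date above can be turned into a simple triage check over an asset inventory. The script below is an added example, not part of the article: it compares installed versions against the fixed versions the advisory names for Zimbra (10.1.13) and Versa Concerto (12.2.1), and reports how many days remain until the February 12, 2026 deadline. Vite is left out because the advisory gives no single fixed version for it. The inventory, host names and the `triage`/`parse_version` helpers are constructed for illustration.

```python
"""Triage helper for the four KEV additions described in the advisory.

Added example, not code from the article. Compares installed versions in a
(constructed) inventory against the fixed versions the advisory states and
computes days left to the FCEB remediation deadline.
"""
import re
from datetime import date

# Fixed versions exactly as stated in the advisory. Vite (CVE-2025-31125) is
# not listed because its March 2025 fixes span several release lines.
FIXED_VERSIONS = {
    "CVE-2025-68645": ("Synacor Zimbra Collaboration Suite", (10, 1, 13)),
    "CVE-2025-34026": ("Versa Concerto", (12, 2, 1)),
}
KEV_DUE_DATE = date(2026, 2, 12)  # FCEB due date from the advisory
ASOF = date(2026, 1, 23)           # date the advisory was published

# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = [
    {"host": "mail-01.example.internal", "product": "Synacor Zimbra Collaboration Suite", "version": "10.1.12"},
    {"host": "mail-02.example.internal", "product": "Synacor Zimbra Collaboration Suite", "version": "10.1.13"},
    {"host": "sdwan-orch-01.example.internal", "product": "Versa Concerto", "version": "12.1.2"},
    {"host": "sdwan-orch-02.example.internal", "product": "Versa Concerto", "version": "12.2.1 GA"},
]


def parse_version(version: str) -> tuple:
    """Reduce a vendor version string to a tuple of its numeric components.

    '10.1.13' -> (10, 1, 13); '12.2.1 GA' -> (12, 2, 1). Non-numeric tokens
    such as 'GA' are dropped, so 12.2.1 GA compares equal to 12.2.1.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


def triage(inventory: list, today: date) -> list:
    """Return one finding per (host, CVE) where the installed version is
    older than the fixed version; each finding carries the days left to
    the KEV due date (negative once the deadline has passed)."""
    findings = []
    for item in inventory:
        for cve, (product, fixed) in FIXED_VERSIONS.items():
            if item["product"] != product:
                continue
            if parse_version(item["version"]) < fixed:
                findings.append({
                    "host": item["host"],
                    "cve": cve,
                    "installed": item["version"],
                    "fixed": ".".join(str(n) for n in fixed),
                    "days_to_due": (KEV_DUE_DATE - today).days,
                })
    return findings


def run_sample() -> list:
    """Run the triage over the constructed inventory as of the advisory date."""
    return triage(SAMPLE_INVENTORY, ASOF)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['host']}: {f['cve']} installed {f['installed']}, "
              f"fixed in {f['fixed']}, {f['days_to_due']} days to KEV due date")
```

The tuple comparison treats a missing trailing component as zero, so a patch build such as 10.1.13 with an extra numeric suffix still counts as fixed, while anything below 10.1.13 is flagged.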
Potential Impact
European organizations using Synacor Zimbra Collaboration Suite, Versa Concerto SD-WAN platforms, Vite Vitejs, or npm packages such as eslint-config-prettier face significant risks. Exploitation of the Zimbra vulnerability can lead to remote code execution, allowing attackers to compromise mail servers, access sensitive communications, and potentially pivot within networks. The Versa Concerto authentication bypass threatens the integrity and availability of SD-WAN orchestration, critical for secure and reliable network connectivity, potentially disrupting business operations and exposing administrative controls to attackers. The Vitejs flaw can leak sensitive file contents, risking confidentiality breaches in web applications. The supply chain attack on npm packages can lead to widespread compromise of development environments and downstream applications, enabling data theft and persistent footholds. For European entities, this could mean data breaches, intellectual property theft, operational disruption, and reputational damage. Critical infrastructure, government agencies, and enterprises relying on these technologies are particularly vulnerable. The active exploitation and supply chain nature increase the likelihood of widespread impact. Additionally, the complexity of supply chain attacks complicates detection and remediation efforts.
Mitigation Recommendations
European organizations should act along the following lines:
- Immediately inventory environments to identify deployments of Synacor Zimbra Collaboration Suite, Versa Concerto SD-WAN, Vite (Vitejs), and any use of the affected npm packages.
- Apply the latest patches: upgrade Zimbra to version 10.1.13 or later, Versa Concerto to 12.2.1 GA or later, and Vite to the fixed versions released in March 2025.
- For npm packages, verify package integrity using checksums, and use tools such as npm audit and supply chain security platforms to detect trojanized packages.
- Implement strict access controls and monitoring on administrative endpoints, especially for SD-WAN orchestration platforms.
- Strengthen developer account security by enforcing multi-factor authentication and educating maintainers about phishing.
- Use runtime application self-protection (RASP) and web application firewalls (WAF) to detect and block exploitation attempts against the remote file inclusion and authentication bypass vulnerabilities.
- Conduct thorough code reviews and dependency scans to identify injected malicious code.
- Establish incident response plans that cover supply chain compromise scenarios.
- Stay in contact with software vendors and security communities to learn of emerging exploitation techniques and patches.
- Consider network segmentation to limit lateral movement if a compromise does occur.
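The recommendation to verify npm package integrity with checksums can be applied directly to a project's package-lock.json, where npm records a Subresource Integrity string (`sha512-` followed by the base64 SHA-512 of the package tarball) for each resolved package. The script below is an added example, not code from the article or from any of the affected projects: it audits a lockfile for the packages on a watchlist, flags entries that carry no integrity hash, and recomputes the hash of the locally cached tarball to detect a tarball that no longer matches what was locked. The lockfile, tarball bytes and version numbers are constructed placeholders; only eslint-config-prettier is on the watchlist because the advisory does not name the other six packages.

```python
"""Audit a package-lock.json for watchlisted packages and verify tarball
integrity against the lockfile's SRI hashes.

Added example, not code from the article. The lockfile, tarball contents and
version numbers below are constructed placeholders.
"""
import base64
import hashlib
import hmac

# Only eslint-config-prettier is named in the advisory; the six other
# affected packages are not, so they are not listed here.
WATCHLIST = {"eslint-config-prettier"}


def sri_sha512(data: bytes) -> str:
    """Compute the npm-style SRI string for a tarball: 'sha512-' + base64 digest."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode("ascii")


def verify_tarball(data: bytes, integrity: str) -> bool:
    """True if the tarball bytes match the lockfile's sha512 SRI string."""
    algo, _, _ = integrity.partition("-")
    if algo != "sha512":
        raise ValueError(f"unsupported integrity algorithm: {algo}")
    return hmac.compare_digest(sri_sha512(data), integrity)


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (lockfileVersion 2/3 paths)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict, tarballs: dict) -> list:
    """Check every watchlisted entry in a lockfileVersion 2/3 'packages' map.

    tarballs maps 'name@version' to the cached tarball bytes. Returns a list
    of findings with a reason code: 'missing-integrity', 'tarball-unavailable'
    or 'integrity-mismatch'.
    """
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project entry, not a dependency
            continue
        name = package_name(path)
        if name not in WATCHLIST:
            continue
        version = entry.get("version")
        integrity = entry.get("integrity")
        if not integrity:
            findings.append({"path": path, "version": version, "reason": "missing-integrity"})
            continue
        data = tarballs.get(f"{name}@{version}")
        if data is None:
            findings.append({"path": path, "version": version, "reason": "tarball-unavailable"})
            continue
        if not verify_tarball(data, integrity):
            findings.append({"path": path, "version": version, "reason": "integrity-mismatch"})
    return findings


# Constructed sample data: a "good" tarball, a tampered copy, and a lockfile
# with three copies of the watchlisted package plus one unrelated package.
GOOD_TARBALL = b"constructed tarball bytes for eslint-config-prettier (placeholder)"
TAMPERED_TARBALL = GOOD_TARBALL + b"\x00 extra payload (constructed)"
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/eslint-config-prettier": {
            "version": "0.0.1-placeholder", "integrity": sri_sha512(GOOD_TARBALL)},
        "node_modules/tool-a/node_modules/eslint-config-prettier": {
            "version": "0.0.2-placeholder", "integrity": sri_sha512(GOOD_TARBALL)},
        "node_modules/tool-b/node_modules/eslint-config-prettier": {
            "version": "0.0.3-placeholder"},  # no integrity recorded
        "node_modules/unrelated-package": {
            "version": "1.0.0", "integrity": sri_sha512(b"unrelated")},
    },
}
SAMPLE_TARBALLS = {
    "eslint-config-prettier@0.0.1-placeholder": GOOD_TARBALL,
    "eslint-config-prettier@0.0.2-placeholder": TAMPERED_TARBALL,  # swapped tarball
}


def run_sample() -> list:
    """Audit the constructed lockfile against the constructed tarball cache."""
    return audit_lockfile(SAMPLE_LOCK, SAMPLE_TARBALLS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['path']} ({f['version']}): {f['reason']}")
```

A lockfile only protects what it pins: a trojanized release published under a new version number is not caught by the hash check, which is why the version allowlist and `npm audit` step in the recommendations above still matter alongside this integrity verification.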
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Switzerland
Technical Details
- Article Source: https://thehackernews.com/2026/01/cisa-updates-kev-catalog-with-four.html (fetched 2026-01-23T15:35:04Z, 906 words)
- Added to database: 1/23/2026, 3:35:04 PM
- Last updated: 1/24/2026, 9:11:01 AM