CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

These articles are AI-generated summaries. Please check the original sources for full details.

The Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities – CVE-2025-68645, CVE-2025-34026, CVE-2025-31125, and CVE-2025-54313 – to its Known Exploited Vulnerabilities (KEV) catalog on January 23, 2026. This action mandates U.S. federal agencies to remediate these flaws by February 12, 2026.

Why This Matters

Ideal security models assume prompt patching and vigilant supply chain security, but real-world deployments often lag due to complexity and resource constraints. Unpatched vulnerabilities, especially those actively exploited, create significant risk; a single successful exploit can lead to data breaches, system compromise, and substantial financial and reputational damage. The recent supply chain attack targeting eslint-config-prettier (CVE-2025-54313) highlights the expanding attack surface and the difficulty in maintaining software integrity.

Key Insights

  • CVE-2025-68645 exploitation began January 14, 2026: CrowdSec reported ongoing exploitation attempts targeting the Zimbra vulnerability.
  • Supply Chain Attacks are Increasing: CVE-2025-54313 demonstrates the growing threat of malicious code injected into legitimate software packages.
  • BOD 22-01 enforces patching: This binding operational directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate KEV catalog vulnerabilities by the due date CISA assigns to each entry.

Practical Applications

  • DevSecOps: Integrate vulnerability scanning and dependency checking into CI/CD pipelines to proactively identify and address flaws like those in eslint-config-prettier.
  • Pitfall: Relying solely on dependency scanning without verifying the integrity of downloaded packages can leave systems vulnerable to supply chain attacks.
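The two bullets above describe a pipeline check with two halves: knowing whether a dependency you ship appears in the KEV catalog, and confirming that the package bytes you actually downloaded match the integrity hash your lockfile pinned. The script below is an added example that is not part of the original article or of any CISA tooling. It matches a package-lock.json (lockfileVersion 3 layout) against an excerpt in the shape of CISA's KEV JSON feed and recomputes npm-style `sha512-` Subresource Integrity strings for a tarball. The KEV excerpt, the lockfile, the tarball bytes and the version strings are all constructed placeholders; only the CVE identifiers, products, date added and due date come from the article.

```python
"""Added example: match a lockfile against a constructed KEV catalog excerpt
and verify package tarball integrity via SRI hashes. Not CISA's or any
project's code; every data value below is constructed unless the article
states it."""
import base64
import hashlib
import hmac
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Only the two
# products the article names are included; the real feed carries more fields
# (vulnerabilityName, requiredAction, ...) that are omitted here.
KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2025-68645", "product": "Zimbra",
         "dateAdded": "2026-01-23", "dueDate": "2026-02-12"},
        {"cveID": "CVE-2025-54313", "product": "eslint-config-prettier",
         "dateAdded": "2026-01-23", "dueDate": "2026-02-12"},
    ]
})

# Constructed stand-in for a downloaded .tgz; a real pipeline would read
# the file npm (or the registry mirror) actually fetched.
TARBALL = b"constructed tarball bytes standing in for a real .tgz"


def sri_sha512(data: bytes) -> str:
    """Return the Subresource-Integrity string npm stores in 'integrity'."""
    digest = hashlib.sha512(data).digest()
    return "sha512-" + base64.b64encode(digest).decode()


# Constructed package-lock.json (lockfileVersion 3 layout). Versions are
# placeholders; the integrity values are derived from the constructed bytes.
LOCKFILE = {
    "lockfileVersion": 3,
    "packages": {
        "node_modules/eslint-config-prettier": {
            "version": "0.0.0-placeholder",
            "integrity": sri_sha512(TARBALL),
        },
        "node_modules/other-dependency-placeholder": {
            "version": "0.0.0-placeholder",
            "integrity": sri_sha512(b"a different constructed tarball"),
        },
    },
}


def verify_integrity(data: bytes, expected: str) -> bool:
    """Recompute the SRI hash of downloaded bytes and compare in constant time.

    A tampered or substituted tarball (the eslint-config-prettier scenario)
    produces a different digest and is rejected before installation."""
    if not expected.startswith("sha512-"):
        return False  # only sha512 is handled here; anything else is rejected
    return hmac.compare_digest(sri_sha512(data).encode(), expected.encode())


def days_until_due(due: str, today: str) -> int:
    """Days remaining until a KEV dueDate (negative once overdue)."""
    return (date.fromisoformat(due) - date.fromisoformat(today)).days


def kev_matches(lockfile: dict, kev_json: str, today: str) -> list:
    """Flag lockfile packages whose name appears as a KEV 'product'.

    This is name matching only: the KEV entry does not carry affected version
    ranges, so every hit still has to be checked against the vendor advisory
    rather than treated as a confirmed vulnerable install."""
    kev = json.loads(kev_json)["vulnerabilities"]
    by_product = {v["product"].lower(): v for v in kev}
    hits = []
    for path, meta in lockfile["packages"].items():
        name = path.rsplit("node_modules/", 1)[-1].lower()
        entry = by_product.get(name)
        if entry is not None:
            hits.append({
                "package": name,
                "version": meta["version"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "daysLeft": days_until_due(entry["dueDate"], today),
            })
    return hits


if __name__ == "__main__":
    for h in kev_matches(LOCKFILE, KEV_JSON, "2026-01-23"):
        print(f"{h['package']}@{h['version']}: {h['cveID']} "
              f"due {h['dueDate']} ({h['daysLeft']} days left)")
    pinned = LOCKFILE["packages"]["node_modules/eslint-config-prettier"]["integrity"]
    print("tarball intact:", verify_integrity(TARBALL, pinned))
    print("tampered tarball intact:", verify_integrity(TARBALL + b"\x00", pinned))
```

In a CI job the same two checks would run against the real `package-lock.json` and the tarballs in the npm cache, with the KEV feed fetched from CISA; a KEV hit fails the build until the version is confirmed clean, and an integrity mismatch fails it unconditionally.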
