US CISA Adds Four Actively Exploited Security Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, citing evidence of active exploitation. The vulnerabilities include CVE-2025-68645 (CVSS score: 8.8), a PHP remote file inclusion flaw in Synacor Zimbra Collaboration Suite (ZCS). The article does not provide details on the three other vulnerabilities added to the catalog.