Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

The US cybersecurity agency CISA on Monday expanded its Known Exploited Vulnerabilities (KEV) catalog with eight more flaws, including three that have not previously been flagged as exploited. The most recent of these is CVE-2026-20133, a high-severity information disclosure bug in Cisco Catalyst SD-WAN Manager that was patched in February. Insufficient file system access restrictions could allow an attacker to access the API of an affected system and read information on the underlying operating system. The CVE was disclosed in February alongside CVE-2026-20122 and CVE-2026-20128, two SD-WAN flaws that Cisco flagged as exploited in March. Now, CISA has added all three to the KEV list. The agency also warned that two security defects disclosed last year in Kentico Xperience and Zimbra Collaboration Suite (ZCS), both leading to remote code execution (RCE), have been exploited in attacks. Tracked as CVE-2025-2749, the Kentico bug is described as a path traversal and arbitrary file upload issue that could allow attackers to execute content on the server remotely. The weakness exists because the Staging Sync Server of Kentico Xperience versions 13.0.178 and prior would upload arbitrary files to path-relative locations. Authentication is required for successful exploitation. In March last year, WatchTowr explained that hackers could chain three flaws in Kentico, including an authenticated RCE issue, to compromise deployments. Two of the weaknesses, tracked as CVE-2025-2746 and CVE-2025-2747, were added to CISA’s KEV catalog in October. The ZCS vulnerability that CISA added to KEV this week is CVE-2025-48700, an XSS bug in the Zimbra Classic UI that can be exploited to execute JavaScript code within the user’s session. Rooted in the insufficient sanitization of HTML content, the flaw can be triggered when the user opens a crafted message in the Classic UI. The other three flaws added to CISA’s KEV on Monday include CVE-2025-32975, a critical Quest KACE issue flagged as potentially exploited last month; CVE-2024-27199, a JetBrains TeamCity weakness exploited for over two years; and CVE-2023-27351, a PaperCut defect exploited since April 2023. CISA urges federal agencies to patch the Cisco and Zimbra vulnerabilities by April 23, and the other four issues by May 4. Related: Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers Related: Recent Apache ActiveMQ Vulnerability Exploited in the Wild Related: Cursor AI Vulnerability Exposed Developer Devices Related: NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks Two North Korean IT Worker Scheme Facilitators Jailed in the US Cursor AI Vulnerability Exposed Developer Devices 53 DDoS Domains Taken Down by Law Enforcement Artemis Emerges From Stealth With $70 Million in Funding Splunk Enterprise Update Patches Code Execution Vulnerability NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software Latest News Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 $290 Million Kelp DAO Crypto Heist Blamed on North Korea Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking British Scattered Spider Hacker Pleads Guilty in the US Hackers Abuse QEMU for Defense Evasion Bluesky Disrupted by Sophisticated DDoS Attack Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House Half of the 6 Million Internet-Facing FTP Servers Lack Encryption Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Anti-ransomware platform Halcyon has named Kirstjen Nielsen and Chris Inglis as Strategic Advisors. ThreatModeler has appointed Kevin Gallagher as Chief Executive Officer. Thomas Bain has been appointed Chief Marketing Officer at Silent Push. More People On The Move Expert Insights Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Email