CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

Posted on By CWS

Aug 26, 2025Ravie LakshmananVulnerability / Knowledge Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added three safety flaws impacting Citrix Session Recording and Git to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.
The record of vulnerabilities is as follows –

CVE-2024-8068 (CVSS rating: 5.1) – An improper privilege administration vulnerability in Citrix Session Recording that might enable for privilege escalation to NetworkService Account entry when an attacker is an authenticated consumer in the identical Home windows Lively Listing area because the session recording server area
CVE-2024-8069 (CVSS rating: 5.1) – A deserialization of untrusted information vulnerability in Citrix Session Recording that enables restricted distant code execution with the privileges of a NetworkService Account entry when an attacker is an authenticated consumer on the identical intranet because the session recording server
CVE-2025-48384 (CVSS rating: 8.1) – A hyperlink following vulnerability in Git that arises because of inconsistent dealing with of carriage return (CR) characters in configuration recordsdata, leading to arbitrary code execution

Each the Citrix flaws have been patched by the corporate in November 2024 following accountable disclosure by watchTowr Labs on July 14, 2024. CVE-2025-48384, then again, was addressed by the Git mission earlier this July. A proof-of-concept (PoC) exploit was launched by Datadog following public disclosure.
“If a submodule path comprises a trailing CR, the altered path could cause Git to initialize the submodule in an unintended location,” Arctic Wolf mentioned about CVE-2025-48384. “When that is mixed with a symlink pointing to the submodule hooks listing and an executable post-checkout hook, cloning a repository may end up in unintended code execution.”
As is usually the case, CISA has offered no additional technical particulars on the exploitation exercise, or who could also be behind them. Federal Civilian Government Department (FCEB) businesses are required to use the mandatory mitigations by September 15, 2025, to safe their networks in opposition to energetic threats.

The Hacker News Tags:, , , , , , , ,

Related Posts

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks The Hacker News
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials The Hacker News
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse The Hacker News
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions The Hacker News
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents The Hacker News
Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps The Hacker News