Aug 26, 2025Ravie LakshmananVulnerability / Knowledge Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added three safety flaws impacting Citrix Session Recording and Git to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.
The record of vulnerabilities is as follows –
CVE-2024-8068 (CVSS rating: 5.1) – An improper privilege administration vulnerability in Citrix Session Recording that might enable for privilege escalation to NetworkService Account entry when an attacker is an authenticated consumer in the identical Home windows Lively Listing area because the session recording server area
CVE-2024-8069 (CVSS rating: 5.1) – A deserialization of untrusted information vulnerability in Citrix Session Recording that enables restricted distant code execution with the privileges of a NetworkService Account entry when an attacker is an authenticated consumer on the identical intranet because the session recording server
CVE-2025-48384 (CVSS rating: 8.1) – A hyperlink following vulnerability in Git that arises because of inconsistent dealing with of carriage return (CR) characters in configuration recordsdata, leading to arbitrary code execution
Each the Citrix flaws have been patched by the corporate in November 2024 following accountable disclosure by watchTowr Labs on July 14, 2024. CVE-2025-48384, then again, was addressed by the Git mission earlier this July. A proof-of-concept (PoC) exploit was launched by Datadog following public disclosure.
“If a submodule path comprises a trailing CR, the altered path could cause Git to initialize the submodule in an unintended location,” Arctic Wolf mentioned about CVE-2025-48384. “When that is mixed with a symlink pointing to the submodule hooks listing and an executable post-checkout hook, cloning a repository may end up in unintended code execution.”
As is usually the case, CISA has offered no additional technical particulars on the exploitation exercise, or who could also be behind them. Federal Civilian Government Department (FCEB) businesses are required to use the mandatory mitigations by September 15, 2025, to safe their networks in opposition to energetic threats.
