CISA has issued a critical alert concerning three newly recognized vulnerabilities being actively exploited by threat actors.
On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern for federal agencies and private organizations alike.
Key Takeaways
1. CISA added two Citrix Session Recording CVEs and one Git CVE to its KEV Catalog.
2. The Citrix flaws require authenticated local access; the Git flaw exploits symlinked hooks for arbitrary code execution.
3. Federal agencies must patch per BOD 22-01; all organizations should update immediately.
Citrix Session Recording Vulnerabilities
Two of the three vulnerabilities target Citrix Session Recording infrastructure, presenting significant security risks for organizations using this enterprise monitoring solution.
CVE-2024-8069, classified as a deserialization of untrusted data vulnerability with a CVSS 4.0 score of 5.1 (Medium), allows limited remote code execution with NetworkService Account privileges.
The vulnerability leverages the CWE-502 (Deserialization of Untrusted Data) weakness, allowing authenticated attackers on the same intranet as the session recording server to execute arbitrary code.
The attack vector requires the threat actor to be an authenticated user within the target network, as expressed by the CVSS 4.0 vector string CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N.
This indicates Adjacent Network access with Low complexity, requiring Low privileges but no user interaction.
CVE-2024-8068 is a privilege escalation vulnerability with identical CVSS scoring, exploiting CWE-269 (Improper Privilege Management).
This flaw allows authenticated users within the same Windows Active Directory domain to escalate privileges to NetworkService Account access, potentially compromising the entire session recording infrastructure.
Both Citrix vulnerabilities affect multiple Long Term Service Release (LTSR) versions, including 1912 LTSR before CU9 hotfix 19.12.9100.6, 2203 LTSR before CU5 hotfix 22.03.5100.11, 2402 LTSR before CU1 hotfix 24.02.1200.16, and the 2407 Current Release before version 24.5.200.8.
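The list of fixed builds above is easy to misapply: build numbers must be compared component by component as integers, because a plain string comparison ranks 24.02.900.3 above 24.02.1200.16. The following script is an added example, not Citrix's or CISA's code; it maps an installed Session Recording build to its release line by the first two components of the fixed builds quoted above and reports whether the hotfix is present. The hostnames and build numbers in the sample inventory are constructed, and a build from a release line the advisory does not mention is reported as needing manual review rather than as safe.

```python
import re
from typing import Dict, Tuple

# First build carrying the hotfix for CVE-2024-8068 / CVE-2024-8069 on each
# release line, as listed in the advisory. Key = (major, minor) of the build.
FIXED_BUILDS = {
    (19, 12): "19.12.9100.6",   # 1912 LTSR, CU9 hotfix
    (22, 3):  "22.03.5100.11",  # 2203 LTSR, CU5 hotfix
    (24, 2):  "24.02.1200.16",  # 2402 LTSR, CU1 hotfix
    (24, 5):  "24.5.200.8",     # 2407 Current Release
}


def build_tuple(build: str) -> Tuple[int, ...]:
    """Parse a dotted build string into integers so comparisons are numeric.
    Rejects anything that is not digits separated by dots."""
    if not re.fullmatch(r"\d+(\.\d+)+", build):
        raise ValueError(f"unrecognised build string: {build!r}")
    return tuple(int(part) for part in build.split("."))


def assess_build(build: str) -> str:
    """Return 'patched', 'vulnerable', or 'unknown-line'.

    'unknown-line' means the build belongs to a release line the advisory
    does not cover; treat it as requiring manual review, not as safe."""
    version = build_tuple(build)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "unknown-line"
    return "patched" if version >= build_tuple(fixed) else "vulnerable"


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Apply assess_build to a host -> build mapping."""
    return {host: assess_build(build) for host, build in inventory.items()}


# Constructed sample inventory; hostnames and builds are made up for the demo.
SAMPLE_INVENTORY = {
    "rec-01.corp.example": "19.12.9000.2",   # 1912 LTSR, below the CU9 hotfix
    "rec-02.corp.example": "22.03.5100.11",  # exactly the fixed 2203 build
    "rec-03.corp.example": "24.02.900.3",    # numerically below 1200.16
    "rec-04.corp.example": "24.5.300.1",     # above the 2407 CR fix
    "rec-05.corp.example": "21.12.400.0",    # release line not in the advisory
}

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:24} {SAMPLE_INVENTORY[host]:16} {status}")
```

Feed it the build strings from your own inventory tooling; anything reported as vulnerable or unknown-line should be scheduled for the hotfix or for a manual check against the vendor bulletin.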
Git Link Following Vulnerability
The third addition, CVE-2025-48384, affects Git version control systems with a higher CVSS 3.1 score of 8.1 (High).
This vulnerability exploits CWE-59 (Improper Link Resolution Before File Access) and CWE-436 (Interpretation Conflict), enabling arbitrary code execution through broken configuration quoting.
The attack leverages Git's handling of carriage return and line feed (CRLF) characters in configuration values.
When initializing submodules whose path carries a trailing CR character, Git incorrectly processes the altered path, potentially allowing symlink-based attacks.
If an attacker creates a symlink pointing the altered path at the submodule's hooks directory and includes an executable post-checkout hook, malicious scripts may execute unintentionally after checkout operations.
The vulnerability affects Git versions prior to 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1, with the CVSS vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H indicating Network access with High complexity but potentially catastrophic impact.

| CVE | Title | CVSS 3.1 Score | Severity |
|---|---|---|---|
| CVE-2024-8069 | Limited remote code execution with NetworkService privileges | 8.8 | High |
| CVE-2024-8068 | Privilege escalation to NetworkService Account access | 8.0 | High |
| CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | 8.1 | High |
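Two checks follow directly from the description above: whether an installed Git is at or above the fixed release for its minor line, and whether a repository's .gitmodules carries a submodule path with a carriage return in it, which a well-formed file never has. The script below is an added example written for this article, not part of Git or of CISA's advisory. Its version check uses the fixed releases quoted above and assumes that minor lines newer than 2.50 shipped after the fix, while older lines not in the list are treated as affected. The .gitmodules scanner splits on LF only so an embedded CR survives, and it distinguishes a file that merely uses CRLF line endings throughout (a Windows checkout) from a single path value that contains a CR. The sample .gitmodules content and repository URLs are constructed.

```python
import re
from typing import List, Tuple

# Git releases carrying the fix for CVE-2025-48384, as listed in the advisory.
FIXED_GIT_VERSIONS = ["2.43.7", "2.44.4", "2.45.4", "2.46.4",
                      "2.47.3", "2.48.2", "2.49.1", "2.50.1"]


def git_version_tuple(version: str) -> Tuple[int, int, int]:
    """Take the leading major.minor.patch; tolerates suffixes such as
    '.windows.1' that `git --version` prints on some platforms."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised git version: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def git_is_patched(version: str) -> bool:
    """True if this Git is at or above the fixed release for its minor line."""
    v = git_version_tuple(version)
    for fixed in map(git_version_tuple, FIXED_GIT_VERSIONS):
        if v[:2] == fixed[:2]:
            return v >= fixed
    # Assumption: lines newer than 2.50 were cut after the fix; unlisted older
    # lines (2.42 and below) never received it and are reported as affected.
    newest = git_version_tuple(FIXED_GIT_VERSIONS[-1])
    return v[:2] > newest[:2]


# Matches a "path = value" line in .gitmodules; '.' matches CR but not LF.
PATH_LINE = re.compile(rb"^[ \t]*path[ \t]*=[ \t]*(.*)$")


def _split_lines(data: bytes) -> List[bytes]:
    """Split on LF only so a CR inside a value is kept. If every non-empty
    line ends with CR, the file simply has CRLF endings: strip that one CR
    per line so it is not mistaken for an injected one."""
    lines = data.split(b"\n")
    nonempty = [line for line in lines if line]
    if nonempty and all(line.endswith(b"\r") for line in nonempty):
        lines = [line[:-1] if line.endswith(b"\r") else line for line in lines]
    return lines


def suspicious_submodule_paths(gitmodules: bytes) -> List[Tuple[int, bytes]]:
    """Return (line number, raw value) for every submodule path whose value
    still contains a carriage return after line-ending normalisation."""
    findings = []
    for lineno, line in enumerate(_split_lines(gitmodules), start=1):
        m = PATH_LINE.match(line)
        if m and b"\r" in m.group(1):
            findings.append((lineno, m.group(1)))
    return findings


# Constructed sample: an LF-terminated .gitmodules with two bad path values.
SAMPLE_GITMODULES = (
    b'[submodule "lib/clean"]\n'
    b'\tpath = lib/clean\n'
    b'\turl = https://git.example.invalid/clean.git\n'
    b'[submodule "lib/odd"]\n'
    b'\tpath = lib/odd\r\n'            # bare CR before the LF (line 5)
    b'\turl = https://git.example.invalid/odd.git\n'
    b'[submodule "lib/quoted"]\n'
    b'\tpath = "lib/quoted\r"\n'       # CR hidden inside a quoted value (line 8)
    b'\turl = https://git.example.invalid/quoted.git\n'
)

# Constructed sample: a clean file that only uses CRLF line endings.
CLEAN_CRLF_GITMODULES = (
    b'[submodule "lib/clean"]\r\n'
    b'\tpath = lib/clean\r\n'
    b'\turl = https://git.example.invalid/clean.git\r\n'
)

if __name__ == "__main__":
    for ver in ("2.50.0", "2.50.1", "2.47.2", "2.51.0"):
        print(f"git {ver}: {'patched' if git_is_patched(ver) else 'AFFECTED'}")
    for lineno, value in suspicious_submodule_paths(SAMPLE_GITMODULES):
        print(f"suspicious submodule path at line {lineno}: {value!r}")
```

In practice you would read the bytes of `.gitmodules` from the repository (or from `git show <commit>:.gitmodules` in a pre-receive check) and pass them to suspicious_submodule_paths; a non-empty result is a reason to reject the push or block the clone until a patched Git is in place.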
Mitigations
Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate these KEV-listed vulnerabilities by their specified due dates.
CISA strongly recommends that all organizations prioritize remediation of these actively exploited vulnerabilities.
The agency continues to expand the KEV Catalog based on evidence of in-the-wild exploitation, emphasizing the critical nature of these security flaws for both public and private sector entities.
Organizations should immediately assess their exposure to these vulnerabilities, particularly those using Citrix Session Recording infrastructure or Git-based development workflows, and apply the available patches to prevent potential compromise.