CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

Posted on By CWS

Aug 26, 2025Ravie LakshmananVulnerability / Knowledge Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added three safety flaws impacting Citrix Session Recording and Git to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.
The record of vulnerabilities is as follows –

CVE-2024-8068 (CVSS rating: 5.1) – An improper privilege administration vulnerability in Citrix Session Recording that might enable for privilege escalation to NetworkService Account entry when an attacker is an authenticated consumer in the identical Home windows Lively Listing area because the session recording server area
CVE-2024-8069 (CVSS rating: 5.1) – A deserialization of untrusted information vulnerability in Citrix Session Recording that enables restricted distant code execution with the privileges of a NetworkService Account entry when an attacker is an authenticated consumer on the identical intranet because the session recording server
CVE-2025-48384 (CVSS rating: 8.1) – A hyperlink following vulnerability in Git that arises because of inconsistent dealing with of carriage return (CR) characters in configuration recordsdata, leading to arbitrary code execution

Each the Citrix flaws have been patched by the corporate in November 2024 following accountable disclosure by watchTowr Labs on July 14, 2024. CVE-2025-48384, then again, was addressed by the Git mission earlier this July. A proof-of-concept (PoC) exploit was launched by Datadog following public disclosure.
“If a submodule path comprises a trailing CR, the altered path could cause Git to initialize the submodule in an unintended location,” Arctic Wolf mentioned about CVE-2025-48384. “When that is mixed with a symlink pointing to the submodule hooks listing and an executable post-checkout hook, cloning a repository may end up in unintended code execution.”
As is usually the case, CISA has offered no additional technical particulars on the exploitation exercise, or who could also be behind them. Federal Civilian Government Department (FCEB) businesses are required to use the mandatory mitigations by September 15, 2025, to safe their networks in opposition to energetic threats.

The Hacker News Tags:, , , , , , , ,

Related Posts

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks The Hacker News
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now 6 Browser-Based Attacks Security Teams Need to Prepare For Right Now The Hacker News
npm Enhances Security with 2FA and Install Controls npm Enhances Security with 2FA and Install Controls The Hacker News
The State of AI in the SOC 2025 The State of AI in the SOC 2025 The Hacker News
New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack The Hacker News
Nine IP KVM Flaws Risk Unauthorized Root Access Nine IP KVM Flaws Risk Unauthorized Root Access The Hacker News