
CISA warns of actively exploited Git code execution flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system.

The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has set the patch deadline for federal agencies to September 15th.

The Git version control system allows software development teams to track codebase changes over time. The library is the backbone of modern software collaboration, serving as the basis for platforms such as GitHub, GitLab, and Bitbucket.

The exploited vulnerability in Git has a high-severity score and is tracked as CVE-2025-48384. It stems from Git's mishandling of carriage return (\r) characters in configuration files.

A mismatch between how Git writes and reads these characters causes incorrect submodule path resolution.

Attackers can exploit the issue by publishing repositories with submodules ending in \r and a crafted symlink with a malicious hook setup, resulting in arbitrary code execution on the machines of users who clone them.


Git found the problem on July 8, 2025, and pushed fixes in the following versions: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.

If updating is not possible, the recommendation is to avoid recursive submodule clones from untrusted sources, disable Git hooks globally via core.hooksPath, or enforce only audited submodules.
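A triage sketch for the two checks implied above, added here as an example and not taken from CISA or the Git project: it compares `git --version` output against the fixed releases listed in this article and flags `.gitmodules` path entries that carry a literal carriage return. The function names and the sample `.gitmodules` content are constructed for illustration; treating series newer than 2.50 as fixed and series older than 2.43 as unpatched is an assumption.

```python
import re

# Fixed release per maintenance series, as listed in the article.
FIXED = {(2, 43): 7, (2, 44): 4, (2, 45): 4, (2, 46): 4,
         (2, 47): 3, (2, 48): 2, (2, 49): 1, (2, 50): 1}


def git_is_patched(version_output: str) -> bool:
    """Accepts `git --version` output, e.g. 'git version 2.45.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError(f"no version found in {version_output!r}")
    major, minor, patch = map(int, m.groups())
    series = (major, minor)
    if series in FIXED:
        return patch >= FIXED[series]
    # Assumption: series newer than 2.50 carry the fix; series older than
    # 2.43 have no fixed release listed, so they are treated as unpatched.
    return series > max(FIXED)


def suspicious_submodule_paths(gitmodules: bytes) -> list[tuple[int, bytes]]:
    """Return (line_number, raw_line) for path entries holding a CR byte."""
    hits = []
    for n, line in enumerate(gitmodules.split(b"\n"), start=1):
        if line.endswith(b"\r"):  # tolerate an ordinary CRLF line ending
            line = line[:-1]
        if re.match(rb"\s*path\s*=", line, re.I) and b"\r" in line:
            hits.append((n, line))
    return hits


# Constructed sample: first entry is a benign CRLF-terminated file section,
# second entry has a quoted path whose value ends in a carriage return.
SAMPLE = (b'[submodule "docs"]\r\n\tpath = docs\r\n'
          b'\turl = https://example.invalid/docs.git\r\n'
          b'[submodule "lib"]\n\tpath = "lib\r"\n'
          b'\turl = https://example.invalid/lib.git\n')

if __name__ == "__main__":
    print(git_is_patched("git version 2.45.3"))   # below the 2.45.4 fix
    for lineno, raw in suspicious_submodule_paths(SAMPLE):
        print(f".gitmodules line {lineno}: {raw!r}")
```

Distribution packages may backport the fix without changing the upstream version number, so a "not patched" result from the version check should be confirmed against the vendor's advisory.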

Along with the Git flaw, CISA also added to the KEV catalog two Citrix Session Recording vulnerabilities that the vendor fixed in November 2024, namely CVE-2024-8068 and CVE-2024-8069. Both security issues received a medium-severity score.

CVE-2024-8068 allows an authenticated user in the same Active Directory domain as the Session Recording server to escalate privileges to the NetworkService account.

CVE-2024-8069 allows an authenticated intranet user to achieve limited remote code execution with NetworkService privileges through deserialization of untrusted data.

The issues affect Citrix Session Recording before 2407 hotfix 24.5.200.8 (CR), 1912 LTSR before CU9 hotfix 19.12.9100.6, 2203 LTSR before CU5 hotfix 22.03.5100.11, and 2402 LTSR before CU1 hotfix 24.02.1200.16.


CISA has given organizations the same deadline, September 15th, to apply the fixes provided by the vendor or to stop using the products.
