The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of lively exploitation.
The record of vulnerabilities is as follows –
- CVE-2024-8068 (CVSS rating: 5.1) – An improper privilege administration vulnerability in Citrix Session Recording that would permit for privilege escalation to NetworkService Account entry when an attacker is an authenticated person in the identical Home windows Lively Listing area because the session recording server area
- CVE-2024-8069 (CVSS rating: 5.1) – A deserialization of untrusted information vulnerability in Citrix Session Recording that permits restricted distant code execution with the privileges of a NetworkService Account entry when an attacker is an authenticated person on the identical intranet because the session recording server
- CVE-2025-48384 (CVSS rating: 8.1) – A hyperlink following vulnerability in Git that arises on account of inconsistent dealing with of carriage return (CR) characters in configuration recordsdata, leading to arbitrary code execution
Each the Citrix flaws have been patched by the corporate in November 2024 following accountable disclosure by watchTowr Labs on July 14, 2024. CVE-2025-48384, then again, was addressed by the Git challenge earlier this July. A proof-of-concept (PoC) exploit was launched by Datadog following public disclosure.
“If a submodule path accommodates a trailing CR, the altered path may cause Git to initialize the submodule in an unintended location,” Arctic Wolf stated about CVE-2025-48384. “When that is mixed with a symlink pointing to the submodule hooks listing and an executable post-checkout hook, cloning a repository can lead to unintended code execution.”
As is often the case, CISA has offered no additional technical particulars on the exploitation exercise, or who could also be behind them. Federal Civilian Government Department (FCEB) companies are required to use the required mitigations by September 15, 2025, to safe their networks towards lively threats.
