CISA Adds Three Exploited Vulnerabilities to KEV Catalog Impacting Citrix and Git: What You Need to Know for Enhanced Cybersecurity Awareness

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added three security vulnerabilities affecting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities include CVE-2024-8068 and CVE-2024-8069, both with a CVSS score of 5.1, which pertain to improper privilege management and deserialization of untrusted data in Citrix Session Recording. These flaws could allow authenticated users within the same Windows Active Directory domain to escalate privileges or execute limited remote code. Additionally, CVE-2025-48384, rated at 8.1, is a link following vulnerability in Git that can lead to arbitrary code execution due to inconsistent handling of carriage return characters in configuration files.

Citrix addressed the two vulnerabilities in November 2024 after responsible disclosure by watchTowr Labs, while the Git project resolved CVE-2025-48384 earlier in July. A proof-of-concept exploit was released by Datadog following public disclosure. Arctic Wolf noted that a trailing carriage return in a submodule path could lead to unintended code execution when combined with specific symlink and hook configurations. CISA has not provided further technical details regarding the exploitation activities or the actors involved. Federal Civilian Executive Branch (FCEB) agencies are mandated to implement necessary mitigations by September 15, 2025, to protect their networks from these active threats. 

Categories: Cybersecurity Vulnerabilities, Active Exploitation, Software Patching 

Tags: CISA, Vulnerabilities, Citrix, Session Recording, Git, Privilege Escalation, Remote Code Execution, Exploitation, Mitigations, Active Directory