Vulnerabilities & CVEs · Aug 26, 2025

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git - The Hacker News

The Hacker News Archived Mar 16, 2026 ✓ Full text saved



Ravie Lakshmanan | Aug 26, 2025 | Vulnerability / Data Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of vulnerabilities is as follows -

CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server

CVE-2025-48384 (CVSS score: 8.1) - A link following vulnerability in Git that arises as a result of inconsistent handling of carriage return (CR) characters in configuration files, resulting in arbitrary code execution

Both the Citrix flaws were patched by the company in November 2024 following responsible disclosure by watchTowr Labs on July 14, 2024. CVE-2025-48384, on the other hand, was addressed by the Git project earlier this July. A proof-of-concept (PoC) exploit was released by Datadog following public disclosure.

"If a submodule path contains a trailing CR, the altered path can cause Git to initialize the submodule in an unintended location," Arctic Wolf said about CVE-2025-48384. "When this is combined with a symlink pointing to the submodule hooks directory and an executable post-checkout hook, cloning a repository can result in unintended code execution."
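One way to check a repository's .gitmodules for the condition Arctic Wolf describes, added here as an example that is not from the article, the Git project, or Arctic Wolf. It is a line-based heuristic rather than a full Git config parser; the function name and the sample inputs are assumptions constructed for illustration.

```python
import re

# "path = value" assignment; config keys are case-insensitive.
PATH_LINE = re.compile(rb"^\s*path\s*=(.*)$", re.IGNORECASE)
# Section header of the form [submodule "name"].
SECTION = re.compile(rb'^\s*\[submodule\s+"(.*)"\]\s*$', re.IGNORECASE)
# Control bytes other than TAB have no place in a submodule path.
CONTROL = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")

# Constructed sample inputs (not taken from any real repository).
CLEAN_CRLF = (b'[submodule "lib"]\r\n\tpath = vendor/lib\r\n'
              b'\turl = https://example.invalid/lib.git\r\n')
CR_IN_VALUE = (b'[submodule "lib"]\n\tpath = "vendor/lib\r"\n'
               b'\turl = https://example.invalid/lib.git\n')


def suspicious_submodule_paths(gitmodules: bytes):
    """Return (line_no, submodule_name, raw_value) for path values holding control bytes."""
    findings = []
    name = None
    for line_no, line in enumerate(gitmodules.split(b"\n"), start=1):
        # One CR directly before LF is an ordinary CRLF line ending; drop it
        # so files checked out on Windows are not flagged.
        if line.endswith(b"\r"):
            line = line[:-1]
        section = SECTION.match(line)
        if section:
            name = section.group(1).decode("utf-8", "replace")
            continue
        assignment = PATH_LINE.match(line)
        # Any CR still present sits inside the value itself.
        if name is not None and assignment and CONTROL.search(assignment.group(1)):
            findings.append((line_no, name, assignment.group(1).strip(b" \t")))
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else ".gitmodules"
    with open(target, "rb") as fh:
        for line_no, name, raw in suspicious_submodule_paths(fh.read()):
            print(f"line {line_no}: submodule {name!r} has control bytes in path {raw!r}")
```

A finding means the file deserves manual review before the repository is cloned recursively; a clean result does not replace updating Git to a fixed release.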
As is typically the case, CISA has provided no further technical details on the exploitation activity, or who may be behind them. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by September 15, 2025, to secure their networks against active threats.