The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, warning that malicious actors are actively exploiting the flaws in the wild. The vulnerabilities include two impacting Citrix Session Recording and one critical issue in Git.
According to CISA, “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
The first Citrix flaw, tracked as CVE-2024-8068, is a privilege escalation vulnerability in Citrix Session Recording. The issue stems from improper privilege management, allowing an attacker to elevate access to the NetworkService account. However, the attacker must already be an authenticated user within the same Windows Active Directory domain as the targeted session recording server. With a CVSS v4.0 score of 5.1, it is considered medium severity but still dangerous in enterprise environments where Citrix software is tightly integrated with identity systems.
The second Citrix vulnerability, CVE-2024-8069, is caused by the deserialization of untrusted data within Citrix Session Recording. This flaw can enable limited remote code execution with the privileges of the NetworkService account. In order to exploit the issue, an attacker must be an authenticated user on the same intranet as the session recording server. Like CVE-2024-8068, it carries a CVSS v4.0 score of 5.1, but its ability to enable code execution makes it a serious concern. Citrix has released patches, with the Cloud Software Group strongly urging affected customers to update to the latest fixed versions across both Current Release (CR) and Long Term Service Release (LTSR) branches.
The third vulnerability affects Git, one of the most widely used developer tools worldwide. Tracked as CVE-2025-48384, this flaw arises from how Git handles carriage return (CR) and line feed (LF) characters in configuration values. Under certain conditions, a Git submodule path with a trailing carriage return may be misinterpreted, causing the submodule to be checked out to the wrong location. If a symbolic link exists pointing to the submodule hooks directory, and the submodule contains a malicious post-checkout hook, that script could be executed unintentionally after checkout. With a CVSS v4.0 score of 8.1, this vulnerability is significantly more severe than the Citrix flaws because it opens the door to supply-chain-style attacks. Git has patched the issue in versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
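Two defensive checks follow from the description above: inspect the raw bytes of a repository's `.gitmodules` file for submodule `path` values that carry a trailing carriage return (or any other control character), and confirm that the installed Git falls within a release series that has received the fix. The script below is an added example, not code from the article, CISA or the Git project; the `.gitmodules` content is constructed for illustration, and the assumption that every series newer than 2.50 already carries the fix is mine, not a statement from the advisory.

```python
"""Defensive checks for Git CVE-2025-48384 (trailing CR in submodule paths).

Added example, not from the article or the Git project. It demonstrates:
 1. scanning the raw bytes of a .gitmodules file for `path` values that
    contain a control character such as CR before whitespace is stripped;
 2. deciding whether a `git --version` string is at or above the fixed
    release of its series, using the versions listed in the article.
"""
import re
from typing import List, Tuple

# Fixed versions as stated in the article, keyed by (major, minor) series.
FIXED_VERSIONS = {
    (2, 43): (2, 43, 7),
    (2, 44): (2, 44, 4),
    (2, 45): (2, 45, 4),
    (2, 46): (2, 46, 4),
    (2, 47): (2, 47, 3),
    (2, 48): (2, 48, 2),
    (2, 49): (2, 49, 1),
    (2, 50): (2, 50, 1),
}

# Matches a config line of the form "<ws>path = <value>" on raw bytes.
_PATH_RE = re.compile(rb'^\s*path\s*=\s*(.*)$')
# Any ASCII control character, including CR (0x0d), in the captured value.
_CONTROL_RE = re.compile(rb'[\x00-\x1f\x7f]')


def find_suspicious_paths(raw: bytes) -> List[Tuple[int, bytes]]:
    """Return (line_number, raw_value) for each submodule `path` whose value,
    taken before any whitespace stripping, contains a control character.
    The input is split on LF only, so a CR sitting just before the LF stays
    attached to the value and is visible to the check."""
    findings = []
    for lineno, line in enumerate(raw.split(b'\n'), start=1):
        m = _PATH_RE.match(line)
        if not m:
            continue
        value = m.group(1)
        if _CONTROL_RE.search(value):
            findings.append((lineno, value))
    return findings


def parse_version(version_string: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from strings such as 'git version 2.47.1'
    or '2.45.4.windows.1'; raise ValueError if no version is present."""
    m = re.search(r'(\d+)\.(\d+)\.(\d+)', version_string)
    if not m:
        raise ValueError(f'unrecognised git version: {version_string!r}')
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_fixed(version_string: str) -> bool:
    """True when the version is at or above the fixed release of its series.
    A series older than 2.43 is treated as unfixed. A series newer than 2.50
    is treated as fixed; that is an assumption made for this example, since
    the article lists fixes only up to 2.50.1."""
    major, minor, patch = parse_version(version_string)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return (major, minor) > (2, 50)
    return (major, minor, patch) >= fixed


# Constructed sample: the second submodule's path ends in a carriage return.
SAMPLE_GITMODULES = (
    b'[submodule "vendor/lib"]\n'
    b'\tpath = vendor/lib\n'
    b'\turl = https://example.invalid/lib.git\n'
    b'[submodule "tools"]\n'
    b'\tpath = tools\r\n'
    b'\turl = https://example.invalid/tools.git\n'
)

if __name__ == '__main__':
    for lineno, value in find_suspicious_paths(SAMPLE_GITMODULES):
        print(f'line {lineno}: path value contains control bytes: {value!r}')
    for v in ('git version 2.47.2', 'git version 2.47.3', 'git version 2.42.0'):
        print(f'{v}: {"fixed" if is_fixed(v) else "NOT fixed"}')
```

To run the file scan against a real checkout, read `.gitmodules` with `open(path, 'rb')` so the bytes reach `find_suspicious_paths` unmodified; opening in text mode with universal newlines would silently convert the very `\r` the check is looking for. The version check is only a release-series comparison and says nothing about distribution backports, so on systems where the vendor patches an older series the package changelog is the authoritative source.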
CISA has directed all Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities no later than September 15, 2025. The agency stresses that exploitation of these flaws could allow attackers to gain elevated privileges, execute code, or hijack Git workflows.