CISA Adds Three Vulnerabilities to Catalog, Urges Immediate Patching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The list includes two flaws in Citrix Session Recording and one in Git, all of which are already being actively exploited in attacks.
CVE-2024-8068, rated 5.1 on the CVSS scale, stems from improper access control in Citrix Session Recording. The flaw allows privilege escalation to the NetworkService account level, provided that the attacker is an authenticated user within the same Windows Active Directory domain as the session recording server.
The second issue, CVE-2024-8069, also carries a CVSS rating of 5.1. It involves deserialization of untrusted data, which could enable remote code execution with NetworkService privileges if the attacker has access to the internal network and is authenticated within it. Both vulnerabilities were disclosed by researchers at watchTowr Labs in July 2024 and patched by Citrix in November of the same year.
Far more severe is CVE-2025-48384, with a CVSS score of 8.1. This vulnerability affects Git and arises from improper handling of the carriage return (CR) character in configuration files, ultimately allowing arbitrary code execution. The Git project patched the flaw in July 2025, but shortly after public disclosure, Datadog released a working proof-of-concept exploit.
According to Arctic Wolf, the danger emerges when a submodule path ends with a CR character. This alters the interpretation of the path, which—when combined with a symlink to the hooks directory and an executable post-checkout script—can trigger the execution of malicious commands upon repository cloning.
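As an added, defender-side illustration (not code from CISA, Git, Datadog or Arctic Wolf): a small pre-clone linter that reads a repository's `.gitmodules` as raw bytes and flags any submodule path ending in a CR byte, generalized to any ASCII control byte inside a path. The sample `.gitmodules` content is constructed; the check is deliberately conservative and will also flag a file saved with CRLF line endings, which is worth normalizing anyway.

```python
import re
from typing import List, Tuple

# Any ASCII control byte in a submodule path is suspicious: real paths never
# need them, and a trailing CR (0x0D) is the trigger described for CVE-2025-48384.
CONTROL_BYTES = re.compile(rb"[\x00-\x1f\x7f]")
SECTION_RE = re.compile(rb'^\s*\[submodule\s+"(?P<name>[^"]*)"\]')
KEY_RE = re.compile(rb"^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<raw>.*)$")


def _raw_value(rest: bytes) -> bytes:
    """Return the value bytes as written; quoted content is kept verbatim."""
    rest = rest.rstrip(b" \t")  # spaces/tabs are harmless, CR is deliberately kept
    if rest.startswith(b'"'):
        end = rest.rfind(b'"')
        return rest[1:end] if end > 0 else rest[1:]
    # Unquoted value: drop a trailing '#' or ';' comment.
    return re.split(rb"[#;]", rest, maxsplit=1)[0].rstrip(b" \t")


def scan_gitmodules(data: bytes) -> List[Tuple[str, str, str]]:
    """Return (submodule, key, reason) for every suspicious path value."""
    findings = []
    section = "<none>"
    for line in data.split(b"\n"):  # split on LF only so a stray CR survives
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").decode("utf-8", "replace")
            continue
        k = KEY_RE.match(line)
        if not k or k.group("key").lower() != b"path":
            continue
        value = _raw_value(k.group("raw"))
        if value.endswith(b"\r"):
            findings.append((section, "path", "value ends with CR (0x0D)"))
        elif CONTROL_BYTES.search(value):
            findings.append((section, "path", "control byte in value"))
    return findings


# Constructed sample: 'libfoo' is clean, 'libbar' has an unquoted path ending
# in CR, 'libbaz' hides the same CR inside a quoted value.
SAMPLE = (
    b'[submodule "libfoo"]\n\tpath = vendor/libfoo\n\turl = https://example.invalid/libfoo.git\n'
    b'[submodule "libbar"]\n\tpath = vendor/libbar\r\n\turl = https://example.invalid/libbar.git\n'
    b'[submodule "libbaz"]\n\tpath = "vendor/libbaz\r"\n\turl = https://example.invalid/libbaz.git\n'
)

if __name__ == "__main__":
    for name, key, reason in scan_gitmodules(SAMPLE):
        print(f"REFUSE CLONE: submodule {name!r}: {key}: {reason}")
```

Run it against a repository's `.gitmodules` before `git clone --recurse-submodules` on a host whose Git is not yet patched; an empty result list means no path carried a control byte.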
CISA has not disclosed who is exploiting these vulnerabilities, but their active use has been confirmed. U.S. federal agencies face a deadline of September 15, 2025, by which they must implement protective measures to mitigate the risks to their networks. This mandate applies to all entities within the Federal Civilian Executive Branch (FCEB), which are required to comply with KEV catalog directives.