AI Generated Content

This may include content generated using AI tools. Glance teams are making active and commercially reasonable efforts to moderate all AI generated content. Glance moderation processes are improving however our processes are carried out on a best-effort basis and may not be exhaustive in nature. Glance encourage our users to consume the content judiciously and rely on their own research for accuracy of facts. Glance maintains that all AI generated content here is for entertainment purposes only.

Rapid Read    •   7 min read

CISA Adds Citrix and Git Vulnerabilities to Exploited Catalog, Urges Mitigation

WHAT'S THE STORY?

What's Happening?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities affecting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities have been actively exploited, prompting CISA to take action. The Citrix vulnerabilities, CVE-2024-8068 and CVE-2024-8069, involve improper privilege management and deserialization of untrusted data, potentially allowing privilege escalation and remote code execution. Git's CVE-2025-48384 vulnerability arises from inconsistent handling of carriage return characters, leading to arbitrary code execution. Citrix patched its vulnerabilities in November 2024, while Git addressed its issue in July 2025. Federal Civilian Executive Branch agencies are required to apply necessary mitigations by September 15, 2025.
AD

Why It's Important?

The inclusion of these vulnerabilities in the KEV catalog highlights the ongoing threat to cybersecurity infrastructure. The Citrix and Git vulnerabilities pose significant risks to organizations using these technologies, potentially leading to unauthorized access and code execution. This action by CISA underscores the importance of timely patching and mitigation to protect against active threats. Organizations failing to address these vulnerabilities may face increased risk of cyberattacks, impacting their operations and data security. The requirement for federal agencies to implement mitigations by mid-September reflects the urgency of securing networks against these exploits.

What's Next?

Federal agencies are expected to comply with CISA's directive to mitigate these vulnerabilities by September 15, 2025. Organizations using Citrix and Git should prioritize patching and review their security protocols to prevent exploitation. Cybersecurity experts may continue monitoring for further developments and potential new vulnerabilities. CISA's actions may prompt other agencies and private sector entities to reassess their cybersecurity measures and ensure compliance with best practices.

AI Generated Content

AD
More Stories You Might Enjoy

Docker Desktop Vulnerability Allows Host System Compromise

A critical vulnerability in Docker Desktop, identified as CVE-2025-9074, has been discovered, allowing attackers to control containers and escalate...

Story by Rapid Read
AD

Healthcare Services Group Reports Data Breach Affecting 624,000 Individuals

Healthcare Services Group has announced a significant data breach impacting over 624,000 individuals. The breach was discovered on October 7, 2024,...

Story by Rapid Read

Cloud Security Alliance Launches AI Safety Initiative to Guide Responsible AI Use

The Cloud Security Alliance (CSA) has introduced the AI Safety Initiative, a comprehensive project aimed at providing guidance for the safe and res...

Story by Rapid Read

Cybersecurity Experts Highlight Time Integrity as Key to Cyber Resilience

Cybersecurity experts are emphasizing the critical role of time integrity in enhancing cyber resilience. A recent analysis has revealed that incons...

Story by Rapid Read
AD

Cloud Security Alliance Launches AI Safety Initiative to Bridge Technology and Regulation

The Cloud Security Alliance (CSA) has initiated a significant project called the AI Safety Initiative, aimed at making artificial intelligence (AI)...

Story by Rapid Read

CyberArk and Optiv Enhance Workforce Security with Privilege Controls

CyberArk has successfully deployed its Workforce Identity Security solution at Optiv, transforming workforce access by applying privilege controls ...

Story by Rapid Read

CISA Seeks Public Input on Updated Software Bill of Materials Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) is inviting public feedback on its updated guidance for the Software Bill of Materials ...

Story by Rapid Read
AD

AT Agrees to $177 Million Settlement Following Major Data Breaches

AT&T is nearing the payout of a $177 million settlement related to two significant data breaches. The breaches, which occurred in 2019 and 2024, ex...

Story by Rapid Read

Coder Sentenced to Prison for Deploying Malware Against Employer

Davis Lu, a former software developer at Eaton Corporation, has been sentenced to four years in prison for deploying a malware 'kill switch' agains...

Story by Rapid Read

Cloud Security Alliance Launches AI Safety Initiative to Enhance Responsible AI Use

The Cloud Security Alliance (CSA) has introduced the AI Safety Initiative, a project aimed at providing guidance for the safe and responsible use o...

Story by Rapid Read
AD