What's Happening?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities affecting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities have been actively exploited, prompting CISA to take action. The Citrix vulnerabilities, CVE-2024-8068 and CVE-2024-8069, involve improper privilege management and deserialization of untrusted data, potentially allowing privilege escalation and remote code execution. The Git vulnerability, CVE-2025-48384, arises from inconsistent handling of carriage return characters and can lead to arbitrary code execution. Citrix patched its vulnerabilities in November 2024, while Git addressed its issue in July 2025. Federal Civilian Executive Branch agencies are required to apply the necessary mitigations by September 15, 2025.
Why Is It Important?
The inclusion of these vulnerabilities in the KEV catalog highlights the ongoing threat to cybersecurity infrastructure. The Citrix and Git vulnerabilities pose significant risks to organizations using these technologies, potentially leading to unauthorized access and code execution. This action by CISA underscores the importance of timely patching and mitigation to protect against active threats. Organizations that fail to address these vulnerabilities may face an increased risk of cyberattacks affecting their operations and data security. The requirement for federal agencies to implement mitigations by mid-September reflects the urgency of securing networks against these exploits.
What's Next?
Federal agencies are expected to comply with CISA's directive to mitigate these vulnerabilities by September 15, 2025. Organizations using Citrix and Git should prioritize patching and review their security protocols to prevent exploitation. Cybersecurity experts may continue monitoring for further developments and potential new vulnerabilities. CISA's actions may prompt other agencies and private sector entities to reassess their cybersecurity measures and ensure compliance with best practices.