The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws affecting Citrix session recording and GIT to its known exploited vulnerabilities (KEV) catalogue based on evidence of active exploitation.
Here’s the list of vulnerabilities –
CVE-2024-8068 (CVSS Score: 5.1) – An inappropriate privilege management vulnerability in CITRIX session recording is that if the user is authenticated in the same Windows Active Directory Domain as the session server domain CVE-2024-8069 (CVSS Score: 5.1), if the attacker is an authenticated user if the attacker is an authenticated user in the same Windows Active Directory domain. If the attacker is an authenticated user on the same intranet as the session recording server, a Citrix session recording vulnerability that allows remote code to execute privileged network service account access is a link code execution following a vulnerability resulting from a character’s resume vulnerability (CR) character’s resume
Both Citrix defects were patched by the company in November 2024 following responsible disclosure by WatchTowr Labs on July 14, 2024. The Proof of Concept (POC) exploit was released by Datadog after it was published.
“If the submodule path contains subsequent CRs, the changed path may cause GIT to initialize the submodule in an unintended location,” Arctic Wolf said of CVE-2025-48384. “When this is combined with a submodule hook directory and a thin link that points to an executable checkout hook, cloning the repository can lead to unintended code execution.”
As is typical, CISA does not provide any more technical details about exploitation activities. Federal Civil Enforcement Division (FCEB) agencies must apply the necessary mitigations by September 15, 2025 to ensure their networks are secured against aggressive threats.
Source link
