CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must patch the flaws by September 15, 2025.
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its list of flaws that are actively being exploited by hackers, warning federal agencies to patch them immediately. The urgent alert, issued on August 25, 2025, covers two vulnerabilities in Citrix Session Recording and a major flaw in Git, the popular code management system.
These vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) Catalogue, a public list of security issues that are confirmed to be under attack. While the mandate to fix these vulnerabilities applies directly to federal government agencies, CISA strongly urges all private organisations to treat these as a top priority for remediation to protect against cyber threats.
Flaws in Citrix and Git
Two of the newly added vulnerabilities, identified as CVE-2024-8068 and CVE-2024-8069, affect Citrix Session Recording. Both of these flaws have a CVSS score of 5.1, which is considered a medium-severity rating.
Reportedly, these flaws could allow an attacker who is already inside a network to take over a system and run malicious code. The vulnerabilities can only be exploited by an authenticated user on the same network, meaning a hacker needs to have a foothold inside the system first. Citrix released security patches for both of these issues back in November 2024.
The third vulnerability, CVE-2025-48384, affects Git, a tool that millions of developers use to manage and share their code. This particular flaw, which was given a high severity score of 8.1, stems from how Git handles certain text characters in its configuration files.
An attacker could exploit this by crafting a malicious file that, when a user clones the repository, could lead to silent, unexpected code execution on the user's machine. A proof-of-concept for this exploit was released by Datadog shortly after the flaw was patched by Git in July 2025.
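As an added defender-side example (not from the article or from the Git project), the Python check below parses a repository's .gitmodules and flags any configuration value that contains an ASCII control character such as a carriage return, the character class at issue in CVE-2025-48384; running it over a freshly cloned repository before initialising submodules is one way to spot a crafted configuration file. The sample .gitmodules content is constructed, and the parser is a deliberately simple subset of Git's config syntax.

```python
import re
import sys

# Any ASCII control character (NUL, tab, LF, CR, DEL, ...) inside a value.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def find_suspicious_values(gitmodules_text):
    """Return (section, key, value) triples whose value holds a control character.

    Splits on LF only, so a trailing CR stays attached to the value and is
    detected instead of being silently dropped.
    """
    findings = []
    section = None
    for raw_line in gitmodules_text.split("\n"):
        line = raw_line.strip(" \t")  # keep \r so it can be detected
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            section = line.rstrip("\r").strip("[]")
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip(" \t")
        if CONTROL_CHARS.search(value):
            findings.append((section, key, value))
    return findings


# Constructed sample: the second submodule's path ends in a carriage return.
SAMPLE_GITMODULES = (
    '[submodule "lib"]\n'
    "\tpath = lib\n"
    "\turl = https://example.invalid/lib.git\n"
    '[submodule "odd"]\n'
    "\tpath = vendor/odd\r\n"
    "\turl = https://example.invalid/odd.git\n"
)


if __name__ == "__main__":
    # Usage: python check_gitmodules.py path/to/.gitmodules (defaults to sample)
    text = open(sys.argv[1], encoding="utf-8", newline="").read() if len(sys.argv) > 1 else SAMPLE_GITMODULES
    hits = find_suspicious_values(text)
    for section, key, value in hits:
        print(f"[{section}] {key} = {value!r}: contains control character")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any finding is present, so it can gate a CI or pre-checkout step.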
The Call to Action
To comply with Binding Operational Directive (BOD) 22-01, all US Federal Civilian Executive Branch agencies must fix these vulnerabilities by September 15, 2025. CISA emphasises that all organisations should make it a practice to regularly review the KEV Catalogue and prioritise fixing the flaws listed, as they represent the most immediate and significant risks being exploited in the wild.
In a comment shared with Hackread.com, Gunter Ollmann, CTO of Cobalt, emphasised the importance of this alert for everyone. He explained that even moderate security flaws can become highly dangerous when hackers have access to reliable tools to exploit them.
“Organisations should treat the KEV catalogue as a living threat intelligence feed, prioritising remediation of these vulnerabilities because they represent what attackers are actively exploiting today,” he stated.
This highlights that the vulnerabilities on this list are not just theoretical risks; they are the active weapons in an attacker’s arsenal right now.