The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025.
The alert highlights active exploitation of two serious Citrix Session Recording flaws and one Git vulnerability, prompting immediate action from federal agencies and private organizations.
Critical Citrix Vulnerabilities Under Active Attack
Two of the newly cataloged vulnerabilities specifically target Citrix Session Recording infrastructure, representing significant risks to enterprise environments.
| CVE ID | Vulnerability Type | Affected Product | Severity Level | Impact |
| --- | --- | --- | --- | --- |
| CVE-2024-8069 | Deserialization of Untrusted Data (CWE-502) | Citrix Session Recording | High/Critical | Code Execution |
| CVE-2024-8068 | Improper Privilege Management (CWE-269) | Citrix Session Recording | High | Privilege Escalation |
| CVE-2025-48384 | Link Following (CWE-59) | Git | Medium/High | Information Disclosure |
CVE-2024-8069 involves a deserialization of untrusted data vulnerability that allows attackers to execute malicious code by manipulating serialized data streams.
This type of flaw has historically been favored by threat actors due to its potential for remote code execution without authentication.
The second Citrix vulnerability, CVE-2024-8068, centers on improper privilege management within the Session Recording component.
This weakness enables attackers to escalate privileges and gain unauthorized access to sensitive system functions, potentially compromising entire network segments where Citrix infrastructure is deployed.
The third vulnerability, CVE-2025-48384, affects Git version control systems through a link following weakness.
This flaw could allow malicious actors to manipulate symbolic links, potentially leading to unauthorized file access or code repository compromise—a particularly concerning scenario for software development environments and source code management systems.
Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies must remediate these vulnerabilities by specified deadlines to protect federal networks against active threats.
The directive established the KEV Catalog as a living repository of Common Vulnerabilities and Exposures that pose significant risks to government infrastructure.
While BOD 22-01 specifically targets federal agencies, CISA strongly recommends that all organizations prioritize immediate remediation of these vulnerabilities as part of their comprehensive vulnerability management programs.
The agency emphasizes that these vulnerability types serve as frequent attack vectors for malicious cyber actors.
Organizations utilizing Citrix Session Recording solutions should immediately assess their exposure and implement available patches or mitigations.
Similarly, environments running affected Git versions require prompt attention to prevent potential repository compromise.
The addition of these vulnerabilities to the KEV Catalog reflects CISA’s evidence-based approach to threat intelligence, where only vulnerabilities with confirmed active exploitation receive catalog inclusion.
This designation signals that threat actors are already leveraging these flaws in real-world attacks, making rapid response essential for maintaining security posture.
Security teams should integrate KEV Catalog monitoring into their regular vulnerability management workflows, as CISA continues expanding the catalog with newly identified exploited vulnerabilities that meet specified risk criteria.
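One way to wire KEV monitoring into a vulnerability management workflow is to join scanner findings against the catalog feed and sort the result by remediation deadline. The sketch below is an added example, not CISA tooling: the field names (`cveID`, `product`, `dateAdded`, `dueDate`) follow the KEV JSON feed, while the feed excerpt, host names, findings and `dueDate` values are constructed placeholders.

```python
import json
from datetime import date

# Constructed excerpt shaped like the KEV JSON feed. dateAdded comes from the
# alert; dueDate values are placeholders, not the real BOD 22-01 deadlines.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-8069", "product": "Session Recording",
   "dateAdded": "2025-08-25", "dueDate": "2025-09-15"},
  {"cveID": "CVE-2024-8068", "product": "Session Recording",
   "dateAdded": "2025-08-25", "dueDate": "2025-09-15"},
  {"cveID": "CVE-2025-48384", "product": "Git",
   "dateAdded": "2025-08-25", "dueDate": "2025-09-15"}
]}
""")

# Constructed scanner output: (host, CVE id). Hosts are hypothetical, and
# CVE-0000-00000 is a placeholder for a finding that is not in the catalog.
FINDINGS = [
    ("ctx-rec-01", "CVE-2024-8069"),
    ("ctx-rec-01", "cve-2024-8068"),   # scanners differ in letter case
    ("build-07", "CVE-2025-48384"),
    ("build-07", "CVE-0000-00000"),
]

def kev_worklist(feed, findings, today):
    """Return KEV-listed findings, most urgent first, with days to deadline."""
    kev = {v["cveID"].upper(): v for v in feed["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue  # not known-exploited: leave to the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": host,
            "cve": entry["cveID"],
            "product": entry["product"],
            "days_left": (due - today).days,
            "overdue": due < today,
        })
    # Smallest (or most negative) days_left first; host and CVE break ties.
    rows.sort(key=lambda r: (r["days_left"], r["host"], r["cve"]))
    return rows

if __name__ == "__main__":
    for row in kev_worklist(KEV_FEED, FINDINGS, date.today()):
        flag = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['host']:12} {row['cve']:16} {row['product']:18} {flag}")
```

In production the embedded excerpt would be replaced by the feed CISA publishes, fetched on a schedule, with the findings pulled from the scanner's export.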