Ethical Hacking News
Cybersecurity Alert: Three Exploited Vulnerabilities Added to KEV Catalog
Three vulnerabilities have been added to the KEV catalog, including Citrix Session Recording and Git. These vulnerabilities can be exploited for privilege escalation, remote code execution, and arbitrary code execution. CISA has advised federal civilian executive branch agencies to apply necessary mitigations by September 15, 2025. Prioritize patching and securing your systems to prevent exploitation.
CISA has added three exploited vulnerabilities to its KEV catalog: CVE-2024-8068, CVE-2024-8069, and CVE-2025-48384. Citrix Session Recording and Git are affected by these vulnerabilities, which can lead to privilege escalation, limited remote code execution, and arbitrary code execution. CISA advises federal civilian executive branch (FCEB) agencies to apply necessary mitigations by September 15, 2025.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert regarding three exploited vulnerabilities that have been added to its Known Exploited Vulnerabilities (KEV) catalog. The list of vulnerabilities in question includes CVE-2024-8068, CVE-2024-8069, and CVE-2025-48384.
CVE-2024-8068 is an improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain. This vulnerability was patched by Citrix in November 2024 following responsible disclosure by watchTowr Labs on July 14, 2024.
CVE-2024-8069 is a deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server. This vulnerability was also patched by Citrix in November 2024.
The third vulnerability, CVE-2025-48384, is a link following vulnerability in Git that arises as a result of inconsistent handling of carriage return (CR) characters in configuration files. This results in arbitrary code execution when a submodule path contains a trailing CR and is combined with a symlink pointing to the submodule hooks directory and an executable post-checkout hook. A proof-of-concept exploit was released by Datadog following public disclosure.
According to Arctic Wolf, a link between the exploitation of CVE-2025-48384 and an unintended location for initializing the submodule can cause a repository to result in code execution. This is due to a combination of factors including the altered path containing a trailing CR, the presence of a symlink pointing to the submodule hooks directory, and an executable post-checkout hook.
CISA has stated that no further technical details on the exploitation activity or who may be behind them will be provided. However, it has advised federal civilian executive branch (FCEB) agencies to apply necessary mitigations by September 15, 2025, to secure their networks against active threats.
In light of these recent vulnerabilities, cybersecurity professionals and organizations must prioritize patching and securing their systems to prevent exploitation. The addition of these vulnerabilities to the KEV catalog serves as a reminder of the importance of keeping software up-to-date and following established best practices for vulnerability management.
Summary:
Three exploited vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, including CVE-2024-8068, CVE-2024-8069, and CVE-2025-48384. Citrix Session Recording and Git are affected by these vulnerabilities, which can lead to privilege escalation, limited remote code execution, and arbitrary code execution. CISA advises federal civilian executive branch (FCEB) agencies to apply necessary mitigations by September 15, 2025.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Alert-Three-Exploited-Vulnerabilities-Added-to-KEV-Catalog-ehn.shtml
https://thehackernews.com/2025/08/cisa-adds-three-exploited.html
https://nvd.nist.gov/vuln/detail/CVE-2024-8068
https://www.cvedetails.com/cve/CVE-2024-8068/
https://nvd.nist.gov/vuln/detail/CVE-2024-8069
https://www.cvedetails.com/cve/CVE-2024-8069/
https://nvd.nist.gov/vuln/detail/CVE-2025-48384
https://www.cvedetails.com/cve/CVE-2025-48384/
Published: Tue Aug 26 02:28:13 2025 by llama3.2 3B Q4_K_M
