CISA Warns: Federal Networks Under Red Code Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Catalog of Active Exploited Vulnerabilities (CAEV), which lists flaws that are actively being used in attacks. The newly added entries are two flaws in Citrix Session Recording and one in Git.

The first vulnerability, CVE-2024-8068, has a CVSS score of 5.1 and stems from improper privilege management in Citrix Session Recording. It allows an authenticated user in the same Windows Active Directory domain as the session recording server to elevate privileges to the level of the NetworkService account.

The second, CVE-2024-8069, also has a CVSS score of 5.1. It involves deserialization of untrusted data, which could lead to remote code execution with the privileges of the NetworkService account if the attacker has internal network access and authorization.

The most severe vulnerability in the list is CVE-2025-48384, with a score of 8.1. It affects Git and is caused by improper handling of the carriage return character in configuration files, which allows arbitrary code execution. The Git project addressed the issue in July 2025, but a working proof-of-concept exploit was published by Datadog shortly after.

According to Arctic Wolf, the Git vulnerability can be exploited if the Windows path contains a carriage return character at the end, which alters how the path is interpreted and can lead to malicious commands being executed during repository cloning via the post-checkout hook. CISA has not disclosed specific details about the threat actors exploiting these vulnerabilities, but the agency has confirmed their active exploitation.
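As a defensive check for the Git issue described above, the following added example (not code from the article, CISA, Git, Datadog or Arctic Wolf) scans a Git configuration-format file for values that still contain a carriage return after a normal CRLF line ending is discounted. It assumes the file to inspect is a repository's `.gitmodules`, which the article does not name; the function name `find_cr_values` and both sample inputs are constructed for illustration.

```python
import re
import sys

# Assumption: file uses Git's config syntax ([section] headers, key = value).
SECTION = re.compile(rb'^[ \t]*\[(.+)\][ \t]*$')
KEYVAL = re.compile(rb'^[ \t]*([A-Za-z][A-Za-z0-9-]*)[ \t]*=[ \t]*(.*)$', re.DOTALL)

# Constructed sample inputs, not taken from any real repository.
CLEAN_CRLF = (b'[submodule "lib"]\r\n'
              b'\tpath = lib\r\n'
              b'\turl = https://example.invalid/lib.git\r\n')
SUSPECT = (b'[submodule "sub"]\n'
           b'\tpath = "sub\r"\n'
           b'\turl = https://example.invalid/sub.git\n')


def find_cr_values(data: bytes):
    """Return (line_no, section, key) for each value that still contains a
    carriage return once a CRLF line ending has been discounted."""
    findings = []
    section = ""
    for line_no, raw in enumerate(data.split(b"\n"), start=1):
        # One CR directly before the LF is only a Windows-style line ending.
        line = raw[:-1] if raw.endswith(b"\r") else raw
        m = SECTION.match(line)
        if m:
            section = m.group(1).decode("utf-8", "replace")
            continue
        m = KEYVAL.match(line)
        if m and b"\r" in m.group(2):
            findings.append((line_no, section, m.group(1).decode("ascii")))
    return findings


if __name__ == "__main__":
    # With no argument, run against the constructed SUSPECT sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SUSPECT
    for line_no, section, key in find_cr_values(data):
        print(f"line {line_no}: [{section}] {key} contains a carriage return")
    sys.exit(1 if find_cr_values(data) else 0)
```

The non-zero exit status on a finding lets the check gate a CI job or a pre-clone review step; a file saved with ordinary CRLF line endings produces no findings.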

The U.S. Federal Government has set a deadline of September 15, 2025, for all Federal Civil Executive Branch (FCEB) agencies to implement protective measures to mitigate the risks posed by these vulnerabilities. It is crucial for all FCEB units to adhere to the instructions provided in the CAEV catalog to enhance cybersecurity defenses and safeguard their networks against potential attacks.
