Overview
- CISA listed Git CVE-2025-48384 alongside Citrix Session Recording CVE-2024-8068 and CVE-2024-8069 after confirming in-the-wild exploitation.
- The Git issue stems from trailing carriage return handling in config parsing that can redirect submodule paths and trigger malicious hooks for remote code execution.
- Git maintainers shipped fixes on July 8 in versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1, with exploitation confirmed but campaign details not publicly disclosed.
- Datadog validated working proof-of-concept exploits, and researchers warn that developer workstations and some CI/CD systems on macOS and Linux face elevated risk, while Windows is not affected.
- Citrix patched the two Session Recording flaws in November 2024, and CISA urges all organizations to review KEV guidance, apply vendor fixes, or implement mitigations such as disabling Git hooks or avoiding recursive submodule clones from untrusted sources.