Particle.news
Download on the App Store
6 ARTICLES
·
3w ago

CISA Adds Exploited Git and Citrix Flaws to KEV, Orders Fixes by Sept. 15

Federal agencies face a September 15 remediation deadline under BOD 22-01.

git
Image

Overview

  • CISA listed Git CVE-2025-48384 alongside Citrix Session Recording CVE-2024-8068 and CVE-2024-8069 after confirming in-the-wild exploitation.
  • The Git issue stems from trailing carriage return handling in config parsing that can redirect submodule paths and trigger malicious hooks for remote code execution.
  • Git maintainers shipped fixes on July 8 in versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1, with exploitation confirmed but campaign details not publicly disclosed.
  • Datadog validated working proof-of-concept exploits, and researchers warn that developer workstations and some CI/CD systems on macOS and Linux face elevated risk, while Windows is not affected.
  • Citrix patched the two Session Recording flaws in November 2024, and CISA urges all organizations to review KEV guidance, apply vendor fixes, or implement mitigations such as disabling Git hooks or avoiding recursive submodule clones from untrusted sources.