Article Details

Scrape Timestamp (UTC): 2025-08-26 06:01:15.941

Source: https://thehackernews.com/2025/08/cisa-adds-three-exploited.html

Original Article Text

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of vulnerabilities is as follows -

Both the Citrix flaws were patched by the company in November 2024 following responsible disclosure by watchTowr Labs on July 14, 2024.

CVE-2025-48384, on the other hand, was addressed by the Git project earlier this July. A proof-of-concept (PoC) exploit was released by Datadog following public disclosure.

"If a submodule path contains a trailing CR, the altered path can cause Git to initialize the submodule in an unintended location," Arctic Wolf said about CVE-2025-48384. "When this is combined with a symlink pointing to the submodule hooks directory and an executable post-checkout hook, cloning a repository can result in unintended code execution."

As is typically the case, CISA has provided no further technical details on the exploitation activity, or who may be behind it.

Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by September 15, 2025, to secure their networks against active threats.
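For defenders triaging repositories for the CVE-2025-48384 condition quoted above (a submodule path carrying a trailing CR), the following is an added example, not code from the article, CISA, Git or Arctic Wolf. It is a heuristic line scanner for the raw bytes of a `.gitmodules` file rather than Git's own config parser; the function names and the sample data are assumptions made for illustration.

```python
import re

# Heuristic patterns for .gitmodules lines (assumed layout, not Git's parser).
SECTION = re.compile(rb'^[ \t]*\[submodule[ \t]+"(.*)"\][ \t]*$')
PATH = re.compile(rb"^[ \t]*path[ \t]*=[ \t]*(.*)$", re.IGNORECASE)


def control_bytes(value: bytes) -> list[int]:
    """Return control bytes (other than TAB) found in a raw config value."""
    return [b for b in value if (b < 0x20 and b != 0x09) or b == 0x7F]


def audit_gitmodules(data: bytes) -> list[dict]:
    """Flag submodule path values that carry CR or other control bytes."""
    findings = []
    section = b""
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        # One CR directly before the LF is treated as a CRLF line ending,
        # so files with Windows line endings do not raise false positives.
        if line.endswith(b"\r"):
            line = line[:-1]
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = PATH.match(line)
        if entry and control_bytes(entry.group(1)):
            value = entry.group(1)
            findings.append({
                "line": lineno,
                "submodule": section.decode("utf-8", "replace"),
                "path": value,
                "trailing_cr": value.strip(b'"').endswith(b"\r"),
            })
    return findings


# Constructed sample: one ordinary entry with CRLF endings, and one whose
# quoted path ends in a CR byte (the condition the quote describes).
SAMPLE = (
    b'[submodule "docs"]\r\n'
    b"\tpath = docs\r\n"
    b"\turl = https://example.invalid/docs.git\r\n"
    b'[submodule "vendor"]\n'
    b'\tpath = "vendor\r"\n'
    b"\turl = https://example.invalid/vendor.git\n"
)

if __name__ == "__main__":
    for finding in audit_gitmodules(SAMPLE):
        print(finding)
```

A finding is a reason to inspect the repository before cloning it recursively; it does not replace updating Git to a patched release.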

Daily Brief Summary

VULNERABILITIES // CISA Adds Citrix and Git Vulnerabilities to Exploited Catalog

CISA has identified three new vulnerabilities affecting Citrix Session Recording and Git, adding them to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.

Citrix addressed the security flaws in November 2024 after a responsible disclosure by watchTowr Labs in July 2024, ensuring timely mitigation.

The Git vulnerability, CVE-2025-48384, was patched in July 2024; a proof-of-concept exploit was subsequently released by Datadog, raising awareness of potential risks.

CVE-2025-48384 involves a submodule path issue that could lead to unintended code execution when combined with specific symlink and hook configurations.

Federal Civilian Executive Branch agencies have been mandated to implement necessary mitigations by September 15, 2025, to protect their networks from these vulnerabilities.

The inclusion in the KEV catalog signals the critical nature of these vulnerabilities and the need for immediate action to prevent exploitation.