The U.S. CISA has issued a warning about a high-severity vulnerability in Git, CVE-2025-48384, that could lead to arbitrary code execution. CISA also highlights two Citrix Session Recording vulnerabilities, CVE-2024-8068 and CVE-2024-8069, and urges patching before September 15th.
Key points
- The vulnerability in Git stems from mishandling of carriage return characters in configuration files.
- This flaw allows attackers to execute arbitrary code through malicious repositories with crafted submodules.
- Git released patches for the vulnerability starting with version 2.43.7, and users are advised to update or apply mitigations.
- The Citrix vulnerabilities involve privilege escalation and remote code execution via untrusted data deserialization.
- CISA has mandated that organizations patch or cease use of vulnerable systems by September 15th to mitigate risks.
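
For the Git item above, a defensive check added here as an example (not code from Git, CISA, or the original page): it flags settings in a `.gitmodules` file that contain a carriage return byte that is not part of a CRLF line ending. It assumes crafted submodule entries carry such a byte; the function names and the sample data are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Matches a section header such as: [submodule "lib"]
SECTION = re.compile(rb'^\s*\[\s*submodule\s+"([^"]*)"\s*\]')

def scan_gitmodules(data: bytes):
    """Return (line_no, submodule, key) for each line holding a bare CR.

    Assumption: a CR that is not the first byte of a CRLF line ending has no
    legitimate use in .gitmodules and deserves review before a recursive clone.
    """
    findings = []
    section = None
    for line_no, raw in enumerate(data.split(b"\n"), start=1):
        # A single trailing CR is just a Windows line ending; ignore it.
        line = raw[:-1] if raw.endswith(b"\r") else raw
        header = SECTION.match(line)
        if header:
            section = header.group(1).decode("utf-8", "replace")
        if b"\r" in line:
            key = line.split(b"=", 1)[0].strip().decode("utf-8", "replace")
            findings.append((line_no, section, key))
    return findings

def scan_tree(root):
    """Scan every .gitmodules file under root; return {path: findings}."""
    report = {}
    for path in Path(root).rglob(".gitmodules"):
        if path.is_file():
            hits = scan_gitmodules(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: "docs" uses CRLF endings (benign), "lib" hides a CR in a value.
SAMPLE = (
    b'[submodule "docs"]\r\n\tpath = docs\r\n\turl = https://example.invalid/docs.git\r\n'
    b'[submodule "lib"]\n\tpath = "lib\r"\n\turl = https://example.invalid/lib.git\n'
)

if __name__ == "__main__":
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in results.items():
        for line_no, section, key in hits:
            print(f"{path}:{line_no}: bare CR in submodule {section!r}, key {key!r}")
    sys.exit(1 if results else 0)
```

Run it against a cloned (non-recursive) checkout or a mirror of repositories; a non-zero exit status means at least one `.gitmodules` file needs review.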