CISA Issues Alert on Citrix Flaws Actively Exploited by Hackers
gbhackers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025.
The alert highlights active exploitation of two serious Citrix Session Recording flaws and one Git vulnerability, prompting immediate action from federal agencies and private organizations.
Critical Citrix Vulnerabilities Under Active Attack
Two of the newly cataloged vulnerabilities affect Citrix Session Recording infrastructure and pose significant risks to enterprise environments.
| CVE ID | Vulnerability Type | Affected Product | Severity Level | Impact |
|---|---|---|---|---|
| CVE-2024-8069 | Deserialization of Untrusted Data (CWE-502) | Citrix Session Recording | High/Critical | Code Execution |
| CVE-2024-8068 | Improper Privilege Management (CWE-269) | Citrix Session Recording | High | Privilege Escalation |
| CVE-2025-48384 | Link Following (CWE-59) | Git | Medium/High | Information Disclosure |
CVE-2024-8069 involves a deserialization of untrusted data vulnerability that allows attackers to execute malicious code by manipulating serialized data streams.
This type of flaw has historically been favored by threat ...
Copyright of this story solely belongs to gbhackers.