CISA Adds Three New Vulnerabilities to KEV Catalog
⚠️ CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025: CVE-2024-8069 and CVE-2024-8068 affecting Citrix Session Recording, and CVE-2025-48384, a Git link following vulnerability. CISA states these defects are supported by evidence of active exploitation and represent frequent attack vectors that pose significant risk to the federal enterprise. While BOD 22-01 binds Federal Civilian Executive Branch agencies to remediate listed CVEs by the required due dates, CISA urges all organizations to prioritize timely remediation and incorporate these entries into vulnerability management workflows.