CISA adds three vulnerabilities to its catalog

CISA has included three new vulnerabilities in its Known Exploited Vulnerabilities (KEV) Catalog, highlighting threats to various software environments.

Vulnerability Details

The newly added vulnerabilities are as follows:

  • CVE-2024-8069: Citrix Session Recording Deserialization of Untrusted Data Vulnerability.
  • CVE-2024-8068: Citrix Session Recording Improper Privilege Management Vulnerability.
  • CVE-2025-48384: Git Link Following Vulnerability.

These vulnerabilities are known attack vectors and present risk to federal enterprise systems. CISA notes that vulnerabilities of this kind must be addressed to mitigate that risk.

Binding Operational Directive Insights

The Binding Operational Directive (BOD) 22-01 establishes the KEV Catalog as a comprehensive list of Common Vulnerabilities and Exposures (CVEs) posing notable risks to federal agencies. According to BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate each listed vulnerability by its specified due date.

While BOD 22-01 is directed at FCEB organizations, CISA recommends that all entities prioritize the remediation of KEV Catalog vulnerabilities to enhance their security posture. CISA will continue to update the catalog as new vulnerabilities are identified.

Conclusion

This update from CISA emphasizes the importance of addressing known vulnerabilities to safeguard against cyber threats. The inclusion of these vulnerabilities serves as a reminder for organizations to maintain vigilant cybersecurity practices. This summary reflects a timely review of the original blog post.