Remote Code Execution Vulnerability in MITRE Caldera by MITRE
CVE-2025-27364

10 CRITICAL

Key Information:

Vendor: Mitre

Status
Vendor
CVE Published: 24 February 2025

Badges

📈 Trended | 📈 Score: 1,310 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-27364?

CVE-2025-27364 is a significant vulnerability in MITRE Caldera, a tool designed for automating adversary emulation and testing security controls. The flaw resides in the server’s dynamic agent compilation functionality and allows remote attackers, through crafted API requests, to execute arbitrary code on the server running Caldera. Exploitation could severely undermine the integrity and availability of an organization's security operations, leading to unauthorized access to and manipulation of sensitive data and systems.

Technical Details

The vulnerability pertains to the compilation feature of MITRE Caldera, specifically versions 4.2.0 and 5.0.0 before commit 35bc06e. The issue arises within the server's API that handles the compiling and downloading of Caldera's built-in agents, such as Sandcat and Manx. By using specific flags in a web request, an attacker can inject malicious payloads, resulting in remote code execution. This allows attackers to run arbitrary code on the server, potentially leading to full control over the affected system.

Potential impact of CVE-2025-27364

  1. Remote Code Execution: The core risk of this vulnerability is the ability to remotely execute arbitrary code, which can enable attackers to compromise the server, steal sensitive information, or manipulate security processes.

  2. System Integrity Compromise: By exploiting this vulnerability, attackers could alter or disable critical security measures within the organization, affecting the overall integrity of the systems and exposing them to further attacks.

  3. Operational Disruption: Successful exploitation may result in significant operational disruption as the Caldera system could be manipulated to execute malicious commands, affecting the organization’s ability to effectively test and respond to threats in its environment.

Affected Version(s)

Caldera 0 through 4.2.0 (inclusive)

Caldera 5.0.0

News Articles

CVE-2025-27364 In MITRE Caldera: Critical RCE Vulnerability

CVE-2025-27364 is a critical RCE vulnerability in MITRE Caldera, allowing remote attackers to execute arbitrary code.

MITRE Caldera security advisory warns of maximum severity flaw

MITRE Caldera security advisory warns of maximum severity flaw, and experts share their insights.

Hackers Could Hack a Hacking Simulation Platform

Real-life hackers could hack a platform used in red team exercises to simulate hacking, said a security researcher who warned users that he'll soon drop a

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Register

  • Vulnerability published

  • Vulnerability Reserved
