Top Mathematics discussions
NishMath
Divya@gbhackers.com - 2d
A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-27364, has been discovered in MITRE Caldera, a widely used adversarial emulation framework. This flaw allows attackers to remotely execute arbitrary code on affected Caldera servers. The vulnerability stems from Caldera's dynamic agent compilation functionality, which can be manipulated through crafted web requests. This poses a significant security risk, especially given Caldera's use in penetration testing and security automation, potentially granting attackers full control over compromised systems.
Versions of MITRE Caldera through 4.2.0 and 5.0.0 before commit 35bc06e are vulnerable and require immediate patching. The unauthenticated API endpoint in Caldera’s agent compilation process can be exploited by injecting arbitrary commands during compilation, specifically by abusing the `-extldflags` linker flag in GCC. This allows attackers to deploy rogue Sandcat or Manx agents, which can then execute commands on the compromised system leading to data exfiltration and further attacks on connected assets. Proof-of-Concept exploit details are publicly available.
ImgSrc: blogger.googleu
References :
Versions of MITRE Caldera through 4.2.0 and 5.0.0 before commit 35bc06e are vulnerable and require immediate patching. The unauthenticated API endpoint in Caldera’s agent compilation process can be exploited by injecting arbitrary commands during compilation, specifically by abusing the `-extldflags` linker flag in GCC. This allows attackers to deploy rogue Sandcat or Manx agents, which can then execute commands on the compromised system leading to data exfiltration and further attacks on connected assets. Proof-of-Concept exploit details are publicly available.
ImgSrc: blogger.googleu
Share:
References :
- community.emergingthreats.net: MITRE Caldera Remote Code Execution (CVE-2025-27364)
- gbhackers.com: Critical RCE Vulnerability in MITRE Caldera – Proof of Concept Released
- socradar.io: Security Alert: Critical Flaws in MITRE Caldera and Parallels Desktop (CVE-2025-27364, CVE-2024-34331)
- The Register - Security: MITRE Caldera security suite scores perfect 10 for insecurity
- cR0w :cascadia:: A perfect 10 in MITRE Caldera? Nice. 🥳 In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
- Talkback Resources: CVE-2025-27364 (CVSS 10): Remote Code Execution Flaw Found in MITRE Caldera, PoC Releases
- SOC Prime Blog: CVE-2025–27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation Can Lead to Full System Compromise
Classification:
- HashTags: #Vulnerability #RCE #MITRECaldera
- Company: MITRE
- Target: Caldera Servers
- Product: Caldera
- Feature: Remote Code Execution
- Type: Vulnerability
- Severity: Critical