WARNING: REMOTE CODE EXECUTION VULNERABILITY IN MITRE CALDERA, PATCH IMMEDIATELY!

Published : 27/02/2025

Reference:
Advisory #2025-44

Version:
1.0

Affected software:
MITRE: Caldera =4.2.0 5.0.0

Type:
OS Command Injection

CVE/CVSS:
CVE-2025-27364
CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Risks

A critical remote code execution (RCE) vulnerability (CVE-2025-27364) was discovered in MITRE Caldera, affecting all versions prior to version 5.1.0. MITRE Caldera is an open-source, automated adversary emulation platform used to simulate cyberattacks and test defensive systems through customizable attack simulations. The vulnerability allows remote, unauthenticated attackers to inject arbitrary code through user-controlled linker flags, compromising the confidentiality, integrity and availability of the system.

Description

CVE-2025-27364, CVSS 10

This vulnerability arises from insecure dynamic compilation in the Manx and Sandcat agents, where user-controlled linker flags (ldflags) can be exploited for command injection. The lack of input validation allows attackers to manipulate these flags during agent compilation, executing arbitrary code on the target system.
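As an added illustration of the bug class described above (constructed for this advisory, not Caldera's own code or its fix), the 'before' pattern that hands user-supplied ldflags to a shell sits beside a hardened counterpart that tokenises the flags, accepts only an allow-listed subset, and passes them to the compiler as an argument vector with no shell. Function names, the allow-list and the sample flags are assumptions.

```python
import re
import shlex
from typing import List

# Constructed illustration of the bug class in the advisory, not Caldera's code:
# a build endpoint that lets the requester supply Go linker flags (ldflags).

# Allow-list for -X: a Go package-qualified variable name and a narrow value charset.
_X_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_./-]*\.[A-Za-z_][A-Za-z0-9_]*$")
_X_VALUE = re.compile(r"^[A-Za-z0-9_.:/@-]*$")


def insecure_build_command(ldflags: str) -> str:
    """'Before' pattern: flags are interpolated into a string handed to a shell,
    so every shell metacharacter in ldflags is interpreted by that shell."""
    return f'go build -ldflags="{ldflags}" -o agent main.go'


def validate_ldflags(ldflags: str) -> List[str]:
    """Split ldflags into tokens and keep only -s, -w and -X name=value;
    anything else (including shell syntax) raises ValueError."""
    tokens = shlex.split(ldflags)
    accepted: List[str] = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-s", "-w"):
            accepted.append(tok)
            i += 1
        elif tok == "-X" and i + 1 < len(tokens):
            name, sep, value = tokens[i + 1].partition("=")
            if not sep or not _X_NAME.match(name) or not _X_VALUE.match(value):
                raise ValueError(f"rejected -X argument: {tokens[i + 1]!r}")
            accepted += ["-X", f"{name}={value}"]
            i += 2
        else:
            raise ValueError(f"rejected linker flag: {tok!r}")
    return accepted


def secure_build_command(ldflags: str, output: str = "agent") -> List[str]:
    """Hardened pattern: validated flags go to the compiler as an argv list
    (no shell), so metacharacters never reach a command interpreter."""
    flags = validate_ldflags(ldflags)
    return ["go", "build", "-ldflags", " ".join(flags), "-o", output, "main.go"]


if __name__ == "__main__":
    print(secure_build_command("-s -w -X main.server=http://127.0.0.1:8888"))
```

The argv list is meant for `subprocess.run(..., shell=False)`; the allow-list is deliberately narrow and should be widened only for flags the build actually needs.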

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The vulnerability is fixed in v5.1.0+ of the main branch through commit 35bc06e.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.