Reference: Advisory #2025-44
Version: 1.0
Affected software: MITRE: Caldera =4.2.0 5.0.0
Type: OS Command Injection
CVE/CVSS: CVE-2025-27364, CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) was discovered in MITRE Caldera, affecting all versions prior to version 5.1.0. MITRE Caldera is an open-source, automated adversary emulation platform used to simulate cyberattacks and test defensive systems through customizable attack simulations. The vulnerability allows remote, unauthenticated attackers to inject arbitrary code through user-controlled linker flags, compromising the confidentiality, integrity and availability of the system.
CVE-2025-27364, CVSS 10
This vulnerability arises from insecure dynamic compilation in the Manx and Sandcat agents, where user-controlled linker flags (ldflags) can be exploited for command injection. The lack of input validation allows attackers to manipulate these flags during agent compilation, executing arbitrary code on the target system.
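The missing input validation described above can be closed with a strict allowlist applied before any compiler is invoked. The following is an added example, not Caldera's code and not the content of its fix: it assumes a Go toolchain build, and the names `validate_ldflags`, `build_argv` and `RejectedLdflags`, the permitted flag set and the sample values are all hypothetical.

```python
import re
import shlex

# Assumption: the build only needs -s / -w (strip symbol and debug data) and
# -X importpath.name=value (set a string variable at link time).
BARE_FLAGS = {"-s", "-w"}
X_ASSIGNMENT = re.compile(
    r"[A-Za-z0-9_./]+\.[A-Za-z_][A-Za-z0-9_]*=[A-Za-z0-9_.:/@+-]{0,128}"
)


class RejectedLdflags(ValueError):
    """Raised when a requested linker flag is not on the allowlist."""


def validate_ldflags(raw):
    """Return the flags as a list if every token is allowlisted, else raise."""
    try:
        tokens = shlex.split(raw)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise RejectedLdflags(f"unparseable ldflags: {exc}") from exc
    checked, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in BARE_FLAGS:
            checked.append(tok)
            i += 1
        elif (tok == "-X" and i + 1 < len(tokens)
              and X_ASSIGNMENT.fullmatch(tokens[i + 1])):
            checked += ["-X", tokens[i + 1]]
            i += 2
        else:
            raise RejectedLdflags(f"linker flag not allowed: {tok!r}")
    return checked


def build_argv(raw_ldflags, output, package):
    """Build an argv list for subprocess.run(argv) with no shell involved."""
    flags = validate_ldflags(raw_ldflags)
    # Validated tokens contain no spaces or quotes, so joining is unambiguous.
    return ["go", "build", "-ldflags", " ".join(flags), "-o", output, package]


if __name__ == "__main__":
    # Constructed sample requests, not taken from Caldera traffic.
    for sample in ["-s -w -X main.server=http://127.0.0.1:8888", "-s -w -unlisted=1"]:
        try:
            print("accepted:", build_argv(sample, "agent.bin", "./agent"))
        except RejectedLdflags as err:
            print("rejected:", err)
```

Rejections raised by such a check are also worth logging, since an unauthenticated request carrying unexpected linker flags is itself a detection signal.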
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The vulnerability is fixed in v5.1.0+ of the main branch through commit 35bc06e.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.