Critical Vulnerability Alert: CVE-2025-27364 in MITRE Caldera
Critical RCE Flaw Discovered in MITRE Caldera: Urgent Action Required
A significant security vulnerability, designated CVE-2025-27364, has been identified in MITRE Caldera, an open-source adversary emulation platform widely used by cybersecurity professionals. This critical Remote Code Execution (RCE) flaw could allow malicious actors to execute arbitrary code on servers running the platform, potentially compromising sensitive systems.
MITRE Caldera is designed to simulate cyberattacks in a controlled environment, emulating advanced persistent threats (APTs) through agents like Sandcat and Manx. These agents perform tasks such as reconnaissance and exploitation, making the platform a valuable tool for security assessments. However, the newly discovered vulnerability affects versions 4.2.0 and earlier, specifically in the dynamic agent compilation process.
The flaw arises from inadequate input sanitization in the Caldera server’s handling of agent compilation requests. An attacker can send specially crafted web requests to the Caldera server API that manipulate the compilation process into executing arbitrary code. The impact is compounded by the absence of proper authentication on the affected request path, so the flaw can be triggered without valid credentials.
With a CVSS score of 10.0, the severity of CVE-2025-27364 is alarming. The MITRE Caldera team has urged users to upgrade to version 5.1.0 or later, which includes essential patches to mitigate the risk. They also recommend that users avoid exposing Caldera instances to the internet unless absolutely necessary.
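The two recommendations above (upgrade to 5.1.0 or later, and keep instances off the internet) translate directly into a fleet triage check. The following is an added example, not code from the MITRE Caldera project; the version thresholds come from this advisory, while the host names, versions and exposure flags in the sample inventory are constructed. It also distinguishes releases that sit between the stated affected range and the patched release, which the advisory does not spell out.

```python
# Added triage helper for CVE-2025-27364; not code from the MITRE Caldera project.
# Thresholds come from the advisory: 4.2.0 and earlier affected, fixed in 5.1.0.
import re

AFFECTED_MAX = (4, 2, 0)  # "versions 4.2.0 and earlier"
FIXED_MIN = (5, 1, 0)     # "upgrade to version 5.1.0 or later"

def parse_version(text: str) -> tuple[int, int, int]:
    """Turn 'v5.1.0' or '4.2.0-rc1' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Caldera version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(version: str) -> str:
    """Map a version onto the advisory's ranges.  Releases above 4.2.0 but below
    5.1.0 are outside the stated affected range yet predate the fix, so they are
    reported as 'unpatched' rather than silently treated as safe."""
    v = parse_version(version)
    if v <= AFFECTED_MAX:
        return "affected"
    if v < FIXED_MIN:
        return "unpatched"
    return "patched"

def triage(inventory: list[tuple[str, str, bool]]) -> list[tuple[str, str, str]]:
    """Rows are (host, version, internet_exposed); returns (host, status, priority)
    riskiest first.  The advisory asks for the upgrade *and* for instances not to
    be internet-facing, so an exposed affected server outranks an internal one."""
    rank = {"affected": 0, "unpatched": 1, "patched": 2}
    rows = []
    for host, version, exposed in inventory:
        status = classify(version)
        if status == "patched":
            priority = "none"
        elif status == "affected" and exposed:
            priority = "critical"  # unauthenticated RCE reachable from the internet
        else:
            priority = "high"
        rows.append((host, status, priority))
    return sorted(rows, key=lambda r: (rank[r[1]], r[2] != "critical"))

# Constructed sample inventory: hypothetical hosts and versions, not real systems.
SAMPLE_INVENTORY = [
    ("caldera-lab.internal", "4.2.0", False),
    ("caldera-demo.example.com", "v4.1.0", True),
    ("caldera-staging.internal", "5.0.0", False),
    ("caldera-prod.internal", "5.1.0", True),
]
```

Running `triage(SAMPLE_INVENTORY)` lists the internet-facing 4.1.0 host first, then the internal 4.2.0 host, then the 5.0.0 instance flagged for upgrade, with the 5.1.0 server last.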
If left unaddressed, this vulnerability could lead to severe consequences, including unauthorized access to sensitive data and the potential for further network attacks. The incident underscores the critical need for robust security practices in open-source tools, emphasizing the importance of input validation and timely updates to safeguard against emerging cyber threats.