MITRE Caldera Security Advisory Issues Warning About Critical Vulnerability


MITRE Caldera Faces Critical Remote Code Execution Vulnerability: Security Experts Urge Immediate Action

Critical Security Advisory Issued for MITRE Caldera: RCE Vulnerability Exposed

In a stark warning to organizations worldwide, security experts have announced the discovery of a Remote Code Execution (RCE) vulnerability in MITRE Caldera, a widely used open-source adversary emulation framework. Identified as CVE-2025-27364, the vulnerability relates to inadequacies in the server’s dynamic compilation process, particularly impacting the Manx and Sandcat agents.

As organizations increasingly rely on automated tools for red teaming and security assessments, this vulnerability presents a significant threat. Exploiting this flaw, malicious actors can execute arbitrary code on servers running Caldera, potentially leading to a full system compromise. Thomas Richards, Principal Consultant at Black Duck, emphasized the gravity of the situation, stating that any breach of Caldera “puts the attacker in a position to compromise additional systems” within an organization.

The Caldera framework is integral for both offensive and defensive cybersecurity teams, enhancing the effectiveness of security testing. However, the vulnerability, which can easily be triggered by a simple curl command, raises serious concerns. Mr. Mayuresh Dani of the Qualys Threat Research Unit notes that successful exploitation allows unauthorized access, turning the Caldera server into a launching pad for further attacks.

With the potential for catastrophic consequences, cybersecurity leaders urge organizations to prioritize immediate software patches and thorough investigations for any prior breaches. Eric Schwake, Director of Cybersecurity Strategy at Salt Security, stressed the necessity of strong API security measures, advocating for enhanced authentication, input validation, and continuous security checks to counter future threats.

As Caldera serves as a cornerstone in the toolkit of many security professionals, the urgency for organizations to respond proactively cannot be overstated—ensuring the integrity of their cybersecurity infrastructures remains paramount.
