CVE-2025-27364: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant)...
Description
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
Classification
CVE ID: CVE-2025-27364
CVSS Base Severity: CRITICAL
CVSS Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Problem Types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')Affected Products
Vendor: MITRE
Product: Caldera
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.56% (probability of being exploited)
EPSS Percentile: 65.53% (scored less or equal to compared to others)
EPSS Date: 2025-03-25 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: total
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27364https://github.com/mitre/caldera/releases
https://github.com/mitre/caldera/security
https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e
https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0
https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050
https://github.com/mitre/caldera/pull/3129