Max Severity RCE Vuln in All Versions of MITRE Caldera

Summary: A critical remote code execution (RCE) vulnerability, CVE-2025-27364, has been discovered in MITRE Caldera, a platform widely used for red-teaming exercises. It affects all versions of the platform. Exploiting the flaw allows attackers to execute arbitrary code on affected servers without authentication. MITRE has urged users to update immediately to the latest versions to mitigate this threat.

Affected: MITRE Caldera

Key points:

  • A maximum severity RCE vulnerability (CVE-2025-27364) can be triggered with existing default configurations of Caldera.
  • The flaw allows unauthenticated attackers to execute malicious code on servers running Caldera, potentially compromising entire systems.
  • Immediate updates to the latest versions of Caldera are highly recommended to prevent exploitation, as a proof-of-concept exploit has been developed.

Source: https://www.darkreading.com/application-security/max-severity-rce-vuln-all-versions-mitre-caldera