cvelistv5 - CVE-2025-27364

CVE-2025-27364

Vulnerability from cvelistv5

Published

2025-02-24 00:00

Modified

2025-02-24 19:22

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.

References

▼	URL	Tags
	cve@mitre.org	https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0
	cve@mitre.org	https://github.com/mitre/caldera/pull/3129
	cve@mitre.org	https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050
	cve@mitre.org	https://github.com/mitre/caldera/releases
	cve@mitre.org	https://github.com/mitre/caldera/security
	cve@mitre.org	https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

Impacted products

	Vendor	Product	Version
	MITRE	Caldera	Version: 0 ≤ 4.2.0 Version: 5.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27364",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-24T19:22:07.090502Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-24T19:22:10.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Caldera",
          "vendor": "MITRE",
          "versions": [
            {
              "lessThanOrEqual": "4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "4.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "5.0.0",
                  "versionStartIncluding": "5.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera\u0027s Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-24T19:08:07.220Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/mitre/caldera/releases"
        },
        {
          "url": "https://github.com/mitre/caldera/security"
        },
        {
          "url": "https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e"
        },
        {
          "url": "https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0"
        },
        {
          "url": "https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050"
        },
        {
          "url": "https://github.com/mitre/caldera/pull/3129"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-27364",
    "datePublished": "2025-02-24T00:00:00.000Z",
    "dateReserved": "2025-02-22T00:00:00.000Z",
    "dateUpdated": "2025-02-24T19:22:10.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27364\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-02-24T19:15:14.917\",\"lastModified\":\"2025-02-24T20:15:34.180\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera\u0027s Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mitre/caldera/pull/3129\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mitre/caldera/releases\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mitre/caldera/security\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27364\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-24T19:22:07.090502Z\"}}}], \"references\": [{\"url\": \"https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-24T19:21:58.731Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"MITRE\", \"product\": \"Caldera\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.2.0\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/mitre/caldera/releases\"}, {\"url\": \"https://github.com/mitre/caldera/security\"}, {\"url\": \"https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e\"}, {\"url\": \"https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0\"}, {\"url\": \"https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050\"}, {\"url\": \"https://github.com/mitre/caldera/pull/3129\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera\u0027s Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"4.2.0\"}, {\"criteria\": \"cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"5.0.0\", \"versionStartIncluding\": \"5.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-02-24T19:08:07.220Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27364\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-24T19:22:10.867Z\", \"dateReserved\": \"2025-02-22T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-02-24T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ncsc-2025-0069

Vulnerability from csaf_ncscnl

Published

2025-02-25 07:42

Modified

2025-02-25 07:42

Summary

Kwetsbaarheid verholpen in MITRE Caldera

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

MITRE heeft een kwetsbaarheid verholpen in Caldera (Specifiek voor versies 4.2.0 en 5.0.0).

Interpretaties

De kwetsbaarheid bevindt zich in de wijze waarop de Caldera-server webverzoeken verwerkt. Kwaadwillende aanvallers kunnen speciaal vervaardigde webverzoeken naar de Caldera-server API sturen, waardoor ze willekeurige code op de server kunnen uitvoeren. Dit kan leiden tot ongeautoriseerde toegang en controle over de getroffen systemen.

Oplossingen

MITRE heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "MITRE heeft een kwetsbaarheid verholpen in Caldera (Specifiek voor versies 4.2.0 en 5.0.0).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid bevindt zich in de wijze waarop de Caldera-server webverzoeken verwerkt. Kwaadwillende aanvallers kunnen speciaal vervaardigde webverzoeken naar de Caldera-server API sturen, waardoor ze willekeurige code op de server kunnen uitvoeren. Dit kan leiden tot ongeautoriseerde toegang en controle over de getroffen systemen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "MITRE heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
        "title": "CWE-78"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://github.com/mitre/caldera"
      }
    ],
    "title": "Kwetsbaarheid verholpen in MITRE Caldera",
    "tracking": {
      "current_release_date": "2025-02-25T07:42:48.535179Z",
      "id": "NCSC-2025-0069",
      "initial_release_date": "2025-02-25T07:42:48.535179Z",
      "revision_history": [
        {
          "date": "2025-02-25T07:42:48.535179Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "caldera",
            "product": {
              "name": "caldera",
              "product_id": "CSAFPID-1773921",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "caldera",
            "product": {
              "name": "caldera",
              "product_id": "CSAFPID-1774023",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mitre:caldera:4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "caldera",
            "product": {
              "name": "caldera",
              "product_id": "CSAFPID-1774024",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mitre:caldera:4.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "caldera",
            "product": {
              "name": "caldera",
              "product_id": "CSAFPID-1774025",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mitre:caldera:4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "caldera",
            "product": {
              "name": "caldera",
              "product_id": "CSAFPID-1774026",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mitre:caldera:5.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "mitre"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-27364",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "title": "CWE-78"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1773921",
          "CSAFPID-1774023",
          "CSAFPID-1774024",
          "CSAFPID-1774025",
          "CSAFPID-1774026"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27364",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27364.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1773921",
            "CSAFPID-1774023",
            "CSAFPID-1774024",
            "CSAFPID-1774025",
            "CSAFPID-1774026"
          ]
        }
      ],
      "title": "CVE-2025-27364"
    }
  ]
}

ghsa-3xgj-vqg4-h895

Vulnerability from github

Published

2025-02-24 21:31

Modified

2025-02-24 21:31

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-27364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-24T19:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera\u0027s Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.",
  "id": "GHSA-3xgj-vqg4-h895",
  "modified": "2025-02-24T21:31:44Z",
  "published": "2025-02-24T21:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27364"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mitre/caldera/pull/3129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mitre/caldera/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mitre/caldera/security"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2025-27364

Vulnerability from fkie_nvd

Published

2025-02-24 19:15

Modified

2025-02-24 20:15

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	cve@mitre.org	https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0
	cve@mitre.org	https://github.com/mitre/caldera/pull/3129
	cve@mitre.org	https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050
	cve@mitre.org	https://github.com/mitre/caldera/releases
	cve@mitre.org	https://github.com/mitre/caldera/security
	cve@mitre.org	https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera\u0027s Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands."
    },
    {
      "lang": "es",
      "value": " En MITRE Caldera hasta la versi\u00f3n 4.2.0 y 5.0.0 antes de la versi\u00f3n 35bc06e, se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en la funcionalidad de compilaci\u00f3n del agente din\u00e1mico (implante) del servidor. Esto permite a atacantes remotos ejecutar c\u00f3digo arbitrario en el servidor en el que se ejecuta Caldera a trav\u00e9s de una solicitud web manipulada a la API del servidor Caldera utilizada para compilar y descargar el agente Sandcat o Manx de Caldera (implantes). Esta solicitud web puede utilizar el indicador de enlace gcc -extldflags con subcomandos."
    }
  ],
  "id": "CVE-2025-27364",
  "lastModified": "2025-02-24T20:15:34.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-24T19:15:14.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/mitre/caldera/pull/3129"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/mitre/caldera/releases"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/mitre/caldera/security"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-27364

Vulnerability from cvelistv5

ncsc-2025-0069

Vulnerability from csaf_ncscnl

ghsa-3xgj-vqg4-h895

Vulnerability from github

fkie_cve-2025-27364

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature