Summary: A critical vulnerability, identified as CVE-2025-27364, in MITRE Caldera poses a severe Remote Code Execution (RCE) risk, allowing attackers to run arbitrary code on vulnerable servers. It affects versions up to 5.0.0 before commit 35bc06e, primarily through flaws in the agent compilation process that lacks proper authentication. Users are urged to update to the latest version to mitigate potential exploitation risks.
Affected: MITRE Caldera
Keypoints :
- Critical CVSS score of 10 indicating severe impact on affected systems.
- Vulnerability allows execution of arbitrary code via malicious web requests to the Caldera API.
- Lack of authentication on compilation endpoints increases the risk of exploitation.
- Patch available in versions post-commit 35bc06e and v5.1.0+; users are urged to update immediately.
Views: 26