The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to “immediately pull down the latest version.” As in, download it and install it.
Tracked as CVE-2025-27364, the max-severity vulnerability affects all versions of Caldera, including the very first ones released back in 2017, bar the latest fixed versions: 5.1.0+, or whatever’s in the master source branch.
Caldera began as a research project in 2015 before launching as a fully fledged adversary emulation platform. Today, the open source project is relied upon by red and blue teams to simulate attacks and breaches, and develop organizational defenses. In reality, the suite itself can be remotely hijacked.
To make matters worse, the RCE flaw can be triggered “in most default configurations,” according to Dawid Kulikowski, who found and reported the hole. An attacker can only achieve RCE when Go, Python, and the GNU Compiler Collection (GCC) are installed on the target device, though all three dependencies are required for Caldera to be fully functional.
Kulikowski further noted that GCC is often a dependency of Go in many distributions, making the likelihood of the conditions being met fairly high.
The vulnerability specifically involves deploying Manx and Sandcat agents – a set of reverse shells that are compiled dynamically and dictate how a given Caldera operation runs – with instructions set by the attacker.
According to comments in Caldera’s code, the developers behind the project were already aware the API endpoint that can be exploited by receiving a malicious request is unauthenticated, meaning if a vulnerability was ever discovered affecting it, then it likely wouldn’t require valid credentials to pop it.
The bug can be exploited using a specially crafted HTTPS request, the same kind that usually passes parameters such as the communication method, encryption keys, and C2 addresses to the agents.
Kulikowski detailed the process of developing the exploit and published a slightly incomplete snippet of his proof of concept (PoC) code, omitting key steps to, in his words, “prevent script kiddies from being able to easily abuse it.”
“One must investigate the Caldera source code to identify the required modifications, as copy-pasting the proof-of-concept shown here will not fully work,” said Kulikowski.
The advice is to either apply the patches or stop exposing the system to the internet or untrusted users, with both being recommended actions. ®