A critical remote code execution (RCE) vulnerability, identified as CVE-2025-27364, has been discovered in MITRE Caldera, a widely used adversarial emulation framework. The flaw affects all versions of Caldera prior to commit 35bc06e, which could expose systems running the framework to unauthenticated attacks. This vulnerability allows attackers to manipulate Caldera’s dynamic compilation process used in its Sandcat and Manx agents, enabling arbitrary command execution on the affected host machine. These agents, designed for executing commands during cybersecurity exercises, can be exploited through specially crafted requests, leading to complete system compromise.
The vulnerability stems from insufficient input sanitization during the agent compilation process in Caldera. The compilation of Sandcat and Manx agents is dynamically handled using user-supplied parameters sent via HTTP headers. While this feature facilitates red team operations by providing flexibility, it inadvertently opens up a dangerous attack surface. Attackers can manipulate the linker flags passed through these parameters to hijack the compilation process, exploiting the system’s dependencies like Go, Python, and GCC to run malicious payloads.
A critical part of the exploit involves the use of the -wrapper flag in GCC, which allows specifying a program to wrap subprocess calls.
By injecting malicious commands, such as a reverse shell script, through this flag, attackers bypass Caldera’s security mechanisms and gain control over the host machine. The proof-of-concept exploit demonstrated how a simple HTTP request can trigger a reverse shell on the vulnerable server, granting attackers root access. This highlights the risk of relying on dynamic code generation in security tools, as even minor weaknesses in input validation can lead to severe breaches.
MITRE has responded by issuing patches for Caldera, urging all users to upgrade to version 5.1.0 or newer, which addresses the issue by restricting linker flag modifications and validating compilation parameters. Additionally, organizations are advised to implement network segmentation to isolate Caldera servers from sensitive environments and to remove unnecessary build tools from production systems. With the growing complexity of adversarial emulation platforms, continuous security reviews and updates are crucial to prevent similar vulnerabilities from being exploited. This incident underscores the importance of proactive security measures in open-source projects and the role of community-driven collaboration in addressing emerging threats.
