February 28, 2025 By Zeljka Zorz
Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025-27364) that may allow unauthenticated attackers to achieve remote code execution.
About MITRE Caldera
MITRE Caldera is a platform built on the MITRE ATT&CK framework and is used by cybersecurity teams for adversary emulation, evaluating detections and defensive tools, training red and blue teamers, testing cyber ranges, and so on.
It consists of a core system (including a command-and-control server with a REST API and a web interface) and plugins (agents, collections of TTPs, etc.) that expand its capabilities. Some of the plugins are maintained by the Caldera team and are included by default, while others are maintained by third parties and have to be installed separately by users.
MITRE Caldera can be installed on Linux or macOS machines and requires Python 3.9+, GoLang 1.17+, and the NodeJS JavaScript runtime environment to be installed for all of it to function as it should.
About CVE-2025-27364
CVE-2025-27364 is an OS command injection vulnerability affecting all versions of MITRE Caldera up until 4.2.0 and 5.0.0. The vulnerability was discovered and reported by Dawid Kulikowski, a contributor to the project, who also helped create the patch for it.