Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

MITRE Caldera security advisory warns of maximum severity flaw

By Jordyn Alger, Managing Editor
Green padlock on keyboard

rupixen via Unsplash

February 27, 2025

A security advisory has been issued for MITRE Caldera, warning of a a Remote Code Execution (RCE) vulnerability. This vulnerability (CVE-2025-27364) was discovered in the server’s dynamic compilation functionality, specifically the Manx and Sandcat agents (implants). Malicious actors could exploit this flaw to execute arbitrary code on servers Caldera is running on. 

Security leaders weigh in 

Thomas Richards, Principal Consultant, Network and Red Team Practice Director at Black Duck:

Caldera is one of the primary tools used by an organization’s internal red team to perform continuous and automated testing against their organization. It quickly became the standard since it was open source and supported by a major cyber security organization. Tools like this often have elevated privilege and access to other systems for them to perform the work properly. If Caldera or any organization-wide security tool gets compromised, it would put the attacker in a position to compromise additional systems throughout the organization. Software risk is a business risk and given the prevalence of this tool, organizations should take steps to immediately patch the software and investigate if there were any breaches. 

Mr. Mayuresh Dani, Manager, Security Research, at Qualys Threat Research Unit:

CVE-2025-27364 is a critical vulnerability in one of most popular and open source, autonomous adversary emulation frameworks — MITRE Caldera. The remote code execution vulnerability exists because of insufficient imposition of security restrictions and input sanitization in Caldera’s agent compilation process. This vulnerability affects the Caldera Manx and Sandcat agents that call back to the server, when Go, python and gcc are installed on the system that the Caldera server is running on. Successful exploitation allows a remote, unauthenticated threat actor to execute arbitrary code on the server running Caldera, leading to a complete system compromise.

MITRE Caldera is used by both — security defenders to automate testing of cyber defenses and offensive security teams to augment their testing efforts. Since MITRE Caldera is an open source emulation framework and is compatible across Linux, Apple Mac OS, Microsoft Windows (implants) operating systems, the use is widespread. The vulnerability exists in the implant compilation endpoint, and can be trivially triggered by an unauthenticated threat actor using a simple curl command. Though the proof-of-concept code is not weaponized and needs a slight modification, it can be easily discovered. 

I have seen organizations modify implants for their needs, but the server API is normally untouched, warranting updates to the latest version. Furthermore, since its use in an organization is known and sanctioned, exploitation of the MITRE Caldera server can potentially go unsupervised. Once the server is compromised the attacker could gain access to all the implants and launch further attacks inside the network. This can turn out to be a perfect playing ground for a threat actor.

Eric Schwake, Director of Cybersecurity Strategy at Salt Security:

The vulnerability found in the MITRE Caldera platform poses a significant risk for organizations that depend on it for adversary emulation and security testing. Its security is paramount as a widely utilized tool among security researchers, red teams, and professionals involved in threat modeling and vulnerability assessment. The ability of a remote attacker to execute arbitrary code on the Caldera server, mainly via its API, raises serious concerns.

In a worst-case scenario, an attacker could gain full control of the server, potentially compromising sensitive data, skewing test results, or even utilizing the platform for further attacks on other systems within the organization. This scenario underscores the urgent need for immediate patching of this vulnerability. Organizations using Caldera must prioritize upgrading to the latest version and implementing any additional security measures recommended by MITRE.

This situation also serves as a wider reminder of the necessity for strong API security practices. The existence of this vulnerability within the Caldera server API highlights how APIs can become attractive targets for attackers. Adopting robust API security measures, including thorough authentication, authorization, input validation, and consistent security testing, is essential to prevent such breaches. A holistic approach to API posture governance can aid organizations in identifying and mitigating API vulnerabilities, ensuring that APIs are securely configured and in line with industry standards. While this specific flaw is within the Caldera platform, the principle of securing APIs is universal across all organizations and systems.

KEYWORDS: vulnerability vulnerability assessment vulnerability management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordynalger

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • ransom-freepik1170x658v7.jpg

    Cybersecurity advisory warns organizations of Karakurt cyber extortion

    See More
  • Glowing red and green connections

    Progress Software issues fix for maximum severity vulnerability

    See More
  • Pumpjack at sunset

    CISA Warns of Cyberattacks Against Critical Oil and Gas Infrastructure

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • Security of Information and Communication Networks

  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

See More Products

Events

View AllSubmit An Event
  • August 25, 2026

    Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

    LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing