CVE-2025-27364

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-27364

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27364.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-27364

Published

2025-02-24T19:15:14.917Z

Modified

2026-03-15T14:52:42.457941Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.

References

Affected packages

Git / github.com/mitre/caldera

Affected ranges

Type

GIT

Repo

https://github.com/mitre/caldera

Events

Introduced

Last affected

bcaac299e050ed7a1aa9b5bf2ea3d5537074acda

Fixed

35bc06e42e19fe7efbc008999b9f993b1b7109c0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        }
    ]
}

Affected versions

2.*

2.0.0

2.1.0

2.3.0

2.3.1

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.64

2.6.65

2.7.0

2.8.0

2.8.1

2.9.0

3.*

3.0.0

3.1.0

4.*

4.0.0

4.0.0-alpha

4.0.0-alpha.2

4.0.0-beta

4.1.0

4.2.0

5.*

5.0.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "5.0.0"
            },
            {
                "fixed": "35bc06e"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27364.json"