MITRE Caldera dynamic compilation command injection

Added: 02/28/2025

Background

MITRE Caldera is a security platform for emulating adversaries.

Problem

The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution.

Resolution

Upgrade to Caldera 5.1.0 or higher.

References

https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

Platforms

Linux

Back to exploit index