← voltar
CVE-2025-27364

CVE-2025-27364

CVSS 10 CRITICALEPSS 23.8%CWE-78
Vexday Risk Score
33Atenção
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 23.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 fev 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
MITRE · Caldera

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/mitre/caldera/commit/35bc06e42e19fe7efbc008999b9f993b1b7109c0https://github.com/mitre/caldera/pull/3129https://github.com/mitre/caldera/pull/3131/commits/61de40f92a595bed462372a5e676c2e5a32d1050https://github.com/mitre/caldera/releaseshttps://github.com/mitre/caldera/securityhttps://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e