High-Severity Vulnerability in Caldera Allows Full System Control for Attackers
A concerning vulnerability has been uncovered in the Mitre Caldera platform, used primarily for red team exercises in cybersecurity simulations. A security researcher has alerted users that a Metasploit module exploiting this flaw will be released soon. The researcher, Dawid Kulikowski, emphasized the need for immediate action to mitigate risks associated with this security gap.
Related Content: Live Webinar | API Security Matters: The Risks of Turning a Blind Eye
Kulikowski has rated the vulnerability, tracked as CVE-2025-27364, as a ten out of ten in severity on the Common Vulnerability Scoring System (CVSS). This vulnerability exists in default configurations of Caldera that also rely on the Go and Python programming languages, along with the GNU Compiler Collection. Given that these dependencies are crucial for Caldera’s functionality, many installations are likely vulnerable.
Attackers can exploit this flaw to inject and execute malicious code with the same permissions as the server itself, which could lead to complete system compromise. Every version of Caldera dating back to its inception in 2017, except for the latest release—Master branch or v5.1.0+—is at risk, as it includes a critical patch.
Caldera serves as an open-source platform that mimics real-world cyber threats to assist organizations in testing their defenses. While red teams simulate attacks, blue teams analyze threats, enabling a controlled environment for cybersecurity training. The platform replicates adversarial tactics through agents that maneuver across networks similarly to actual attackers.
The vulnerability stems from how Caldera agents process dynamic compilation. Incorrect handling allows attackers to send specially crafted API requests linked to core components of Caldera, notably Manx and Sandcat. Sandcat functions as a default agent that executes automated threat actions, while Manx acts as a reverse shell for remote command execution. The dynamic compilation feature, which allows users to customize agent operations, can be exploited through tailored HTTP headers to inject harmful code.
Kulikowski noted that the Caldera server lacks robust authentication processes in handling dynamic compilations, creating an opportunity for attackers to exploit affected agents by injecting malicious commands. He has produced a proof-of-concept exploit for this vulnerability, albeit with modifications to the code to minimize misuse among less experienced attackers.
However, this restraint may not last long, as Kulikowski has plans to issue a more comprehensive Metasploit module in the near future, indicating an increased risk for organizations using vulnerable versions of Caldera.
