MITRE Caldera Security Advisory - Remote Code Execution (CVE-2025-27364) | by MITRE Caldera | February 2025

The article, authored by Dawid Kulikowski and edited by Michael Kouremetis for Medium, discusses a critical security vulnerability affecting all versions of MITRE Caldera prior to commit 35BC06E. The vulnerability allows Remote Code Execution (RCE) in most default configurations and is highly likely to be exploitable, because the dependencies Caldera needs in order to function (Go, Python, and GCC) are exactly the tools the attack relies on.

The vulnerability lies in the dynamic compilation feature behind Caldera's "Manx" and "Sandcat" agents, which are reverse shells that connect back to Caldera to execute commands. The critical detail is that the endpoint that triggers this compilation is unauthenticated, so an attacker needs no credentials to reach it.

The process starts when Caldera's server receives a web request to download an agent that will later be executed on a target system. The download request can specify several parameters through HTTP headers, including the communication method, encryption keys, and C2 addresses, and these parameters are compiled into the agent at request time. That design prompted the examination of how user-controllable data is fed into the agent build.

The vulnerability can be traced to how GCC is invoked with an unsafe way of passing arguments. Although the initial exploration showed that the subprocess is not launched through a shell (a good security practice), user-controlled data still reaches the linker flags, which leaves open command injection through flags that control the parameters used during compilation.

On examining the compilation function, the author found that Caldera passes linker flags such as "-X" and, in some cases, "-s" and "-w", which strip debugging symbols. The "-X" flag assigns a value to a variable at link time, much like GCC's "-D" option, and further investigation showed that other linker flags exist which could be abused.
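To make the pattern described above concrete, the following Python sketch is an added illustration, not code from the article or from the Caldera project. It shows a build helper that splices request-supplied header values straight into the Go linker's "-ldflags" string, beside a hardened variant that allowlists each value before it can reach the build command. The function names, the parameter names ("server", "group", "contact"), and the sample values are hypothetical and do not reproduce Caldera's actual handler.

```python
# Added example (hypothetical; not Caldera's own code). Demonstrates why
# interpolating untrusted values into -ldflags is a flag-injection sink even
# when the build subprocess runs without a shell, and how a strict allowlist
# on each value closes that sink.
import re
import shlex
from typing import Dict, List

# Only these request parameters may influence the build. Each must match a
# strict pattern: no whitespace, no quotes, no leading dash, no shell metacharacters.
ALLOWED_PARAMS = {
    "server": re.compile(r"^https?://[A-Za-z0-9.\-]+(:\d{1,5})?$"),
    "group": re.compile(r"^[A-Za-z0-9_\-]{1,64}$"),
    "contact": re.compile(r"^[A-Za-z0-9_\-]{1,32}$"),
}


def build_ldflags_unsafe(params: Dict[str, str]) -> str:
    """Vulnerable pattern: header values are pasted into one -ldflags string.

    The build may well be run via subprocess with no shell, but the Go toolchain
    splits the -ldflags string on whitespace itself, so a value that contains
    a space becomes one or more extra linker options.
    """
    return " ".join(f"-X main.{key}={value}" for key, value in params.items()) + " -s -w"


def linker_view(ldflags: str) -> List[str]:
    """Approximate how the linker tokenizes the -ldflags string (shell-like split)."""
    return shlex.split(ldflags)


def build_ldflags_safe(params: Dict[str, str]) -> List[str]:
    """Hardened pattern: allowlist every parameter, then return an argv list.

    Raises ValueError for unknown keys or values outside the allowed alphabet,
    so no request can add a linker option the server did not intend.
    """
    for key, value in params.items():
        pattern = ALLOWED_PARAMS.get(key)
        if pattern is None:
            raise ValueError(f"unexpected build parameter: {key!r}")
        if not pattern.fullmatch(value):
            raise ValueError(f"rejected value for {key!r}: {value!r}")
    # Values are now guaranteed whitespace-free, so the -X assignments cannot
    # be split into additional flags by the toolchain.
    ldflags = " ".join(f"-X main.{k}={v}" for k, v in params.items()) + " -s -w"
    return ["go", "build", "-ldflags", ldflags, "-o", "agent", "."]


def is_rejected(params: Dict[str, str]) -> bool:
    """True if the hardened builder refuses the given parameters."""
    try:
        build_ldflags_safe(params)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: a C2 address with a trailing, attacker-chosen token.
    tainted = {"server": "http://10.0.0.1:8888 -EXTRA"}
    print("unsafe tokens:", linker_view(build_ldflags_unsafe(tainted)))
    print("hardened rejects tainted input:", is_rejected(tainted))
    print("hardened argv:", build_ldflags_safe({"server": "http://10.0.0.1:8888"}))
```

The unsafe variant hands the linker a token ("-EXTRA" in the constructed sample) that the server never wrote; the hardened variant refuses the request outright. The same allowlist check is also a useful detection point: logging every rejection gives defenders a clear signal that someone is probing the agent-build endpoint.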

The core of the exploitation method hinges on finding a combination of binaries and arguments that would execute the user-controlled parameters, which may require altering the build process so that a specific external linker is engaged. The author eventually hypothesized that GCC's wrapper option could be used to invoke GCC subcommands as needed and thereby run the custom parameters.

The experimentation culminated in a crafted curl request to the Caldera server whose carefully constructed parameters successfully exploited the dynamic compilation function, followed by a capture demonstrating the exploit.

As of the writing of the article, the vulnerability had been reported to the MITRE Caldera team and patched in the codebase. Users are urged to upgrade immediately to the latest version (master branch or v5.1.0+). The issue has been catalogued as CVE-2025-27364, and further updates concerning the vulnerability will follow.

The article serves as a caution for Caldera users to review their configurations, apply patches promptly, and avoid exposing their deployments to the internet, where such vulnerabilities could be exploited. The author plans to release a complete Metasploit module for this vulnerability in the coming weeks, underlining the importance of security awareness in open-source software ecosystems.

In summary, the MITRE Caldera vulnerability exemplifies the risks of poorly handled user input in software systems, and it underscores the need for thorough code review and prompt updates in the face of security threats.
