Full Report
A new max-severity RCE vulnerability (CVE-2025-27364) in MITRE Caldera poses a serious risk of system compromise. The flaw can also be chained with a separate Parallels Desktop security issue, CVE-2024-34331, compounding the risk. If exploited, these security issues could give attackers full control of the system, leading to unauthorized access, data breaches, and further lateral […] The post CVE-2025-27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation Can Lead to Full System Compromise appeared first on SOC Prime.
Analysis Summary
# Vulnerability: Max-Severity RCE in MITRE Caldera via Linker Flag Manipulation
## CVE Details
- CVE ID: CVE-2025-27364
- CVSS Score: N/A (Described as "Max-Severity")
- CWE: N/A
## Affected Systems
- Products: MITRE Caldera
- Versions: Versions prior to 5.1.0 (Master branch is patched)
- Configurations: N/A
## Vulnerability Description
The vulnerability is a Remote Code Execution (RCE) flaw in MITRE Caldera resulting from manipulation of linker flags. Successful exploitation, which the advisory says can be triggered with a specific `curl` command, leads to the execution of a Python script that grants the attacker root access on the host. The flaw can potentially be chained with CVE-2024-34331 (affecting Parallels Desktop) to achieve full control over targeted macOS systems.
## Exploitation
- Status: PoC available (A specific `curl` command is mentioned)
- Complexity: Low (Easy to exploit via the mentioned command)
- Attack Vector: Network
## Impact
- Confidentiality: High (Leads to full system compromise)
- Integrity: High (Leads to full system compromise)
- Availability: High (Leads to full system compromise)
## Remediation
### Patches
- Update to the latest fixed version: **Version 5.1.0 or above**, or pull the **Master branch**.
### Workarounds
- Restrict access to Caldera's API using network segmentation and strict access controls.
## Detection
- Monitor for unusual agent compilations.
- Track abnormal API activity related to Caldera.
## References
- [Vendor Advisory/Fix link](https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e)