Security News > 2025 > February > MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
2025-02-28 14:44
Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the MITRE ATT&CK framework and is used by cybersecurity teams for adversary emulation, to evaluate detections and defensive tools, train red and blue teamers, testing cyber ranges, and so on. It consists of a core system (including a … More → The post MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) appeared first on Help Net Security.
News URL
Related news
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)