PoC Week 2025-03-10

Posted on Mar 10, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-27364

  • Severity: 10 CRITICAL
  • Impacted Products: MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e
  • Description: A Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading Caldera’s Sandcat or Manx agents (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-27364
  • PoC: https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

CVE-2025-20088

  • Severity: 6.5 MEDIUM
  • Impacted Products: Android
  • Description: In multiple functions of mremap.c, there is a possible use-after-free scenario in physical memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  • Remediation: Follow developer advice.
  • More Info: Google - CVE-2025-20088
  • PoC: https://project-zero.issues.chromium.org/issues/377569381

CVE-2025-0282

  • Severity: 9.0 CRITICAL
  • Impacted Products: Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3
  • Description: A stack-based buffer overflow allows a remote unauthenticated attacker to achieve remote code execution.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2025-0282
  • PoC: https://github.com/sfewer-r7/CVE-2025-0282/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.