Nuclei Templates Added for MITRE Caldera RCE and GitLab SAML Auth Bypass

Tags: detection-content-update, identity-authentication-vulnerability, internet-facing-service-vulnerability, open-source-dependency-vulnerability
Updated April 4, 2026 at 08:03 AM | 2 sources

ProjectDiscovery contributors submitted new Nuclei detection templates for two newly tracked vulnerabilities: CVE-2025-27364, described as an unauthenticated remote code execution flaw in MITRE Caldera, and CVE-2025-25291, an authentication bypass issue in ruby-saml affecting GitLab SAML SSO deployments. The references indicate both issues were significant enough to prompt rapid addition of scanning coverage in the public nuclei-templates repository.

Available details remain limited because the source material is drawn from GitHub pull request metadata rather than full advisories, but the vulnerability labels point to potentially high-impact exposure in identity and adversary-emulation infrastructure. Security teams using GitLab SAML single sign-on or MITRE Caldera should track vendor guidance, validate exposure to CVE-2025-25291 and CVE-2025-27364, and prepare to use updated detection content as part of vulnerability assessment workflows.

Timeline

  1. Apr 4, 2026

    CVE-2025-27364 referenced as MITRE Caldera unauthenticated RCE

    A reference described CVE-2025-27364 as an unauthenticated remote code execution vulnerability affecting MITRE Caldera. The available content was limited to a pull request context and did not include exploitation details, impact scope, or patch information.

  2. Apr 4, 2026

    CVE-2025-25291 identified as ruby-saml auth bypass affecting GitLab SAML SSO

    A reference associated CVE-2025-25291 with an authentication bypass vulnerability in ruby-saml impacting GitLab SAML single sign-on. No further technical details, affected versions, or remediation information were provided in the source fragment.

Related Stories

Nuclei templates added for MITRE Caldera RCE and exploited Ivanti buffer overflow

ProjectDiscovery contributors submitted new **Nuclei** detection templates for two high-impact vulnerabilities: `CVE-2025-27364`, a remote code execution flaw affecting **MITRE Caldera**, and `CVE-2025-22457`, a stack-based buffer overflow affecting **Ivanti Connect Secure**, **Policy Secure**, and **ZTA Gateways**. The Caldera submission adds a community template for identifying exposure to the RCE issue, while the Ivanti submission adds version-based detection logic tied to product web portal pages. The Ivanti flaw was described as a **CVSS 9.0** vulnerability in `X-Forwarded-For` header processing and was reported as **actively exploited in the wild** by China-nexus threat actors, with references to **Mandiant**, **Google TAG**, and inclusion in **CISA's Known Exploited Vulnerabilities** catalog. The proposed Ivanti template checks for versions earlier than `22.7R2.6`, giving defenders a way to quickly identify potentially exposed appliances, while the Caldera template expands scanning coverage for organizations using the adversary emulation platform.

1 month ago

Nuclei Templates Added for WordPress SSTI and Nginx UI Access Control Flaws

ProjectDiscovery contributors opened and advanced Nuclei template pull requests for two newly tracked vulnerabilities: **`CVE-2026-4257`**, a **server-side template injection** issue in the **WordPress Contact Form by Supsystic** plugin, and **`CVE-2026-33032`**, a **broken access control** flaw in **Nginx UI**. The GitHub activity shows template development intended to support detection of both issues, with one pull request referencing a new `CVE-2026-4257.yaml` file and another marked ready to merge for the Nginx UI vulnerability. The available records are limited to repository metadata and do not include technical write-ups, affected version ranges, exploitation details, or vendor remediation guidance. Even so, the publication of detection content for these CVEs indicates that security researchers are operationalizing checks for exposed systems, and defenders using Nuclei should watch for template releases covering both the WordPress plugin SSTI and the Nginx UI authorization weakness.

3 weeks ago

Nuclei Templates Added for CWP Control Web Panel and Letta AI RCE Flaws

ProjectDiscovery's `nuclei-templates` repository added detection content for two remote code execution vulnerabilities: **CVE-2025-48703** affecting **CWP Control Web Panel** and **CVE-2025-51482** affecting **Letta AI**. One pull request identifies the CWP issue as an RCE flaw, while a second names an RCE path in Letta AI via the `/v1/tools/run` endpoint. The references indicate public detection coverage is being created for both issues, which can increase defender visibility as well as attacker awareness. The available material does not include affected versions, exploitation evidence, patch guidance, or victim impact, but it does confirm that both vulnerabilities were significant enough to warrant dedicated `nuclei` checks for internet-exposed systems.

1 month ago