Metasploit Wrap-Up 11/14/2025

It has “SUS” in the name, what did you expect? This week’s release features the much-hyped CVE-2025-59287, a Critical-Severity Windows Server Update Service WSUS vulnerability that allows for SYSTEM level remote code execution. Documented among the multiple recent zero-days in Windows, the...

Windows Persistent Task Scheduler

This Metasploit module establishes persistence by creating a scheduled task to run a payload...

Windows Persistent Startup Folder

This Metasploit module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems...

📄 Malicious Windows Script Host Script File

This Metasploit module creates a Windows Script Host WSH Windows Script File .wsf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host Script File .wsf', 'Description'...

📄 Generic Payload Handler

This Metasploit module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

📄 Malicious XDG Desktop File

This Metasploit module creates a malicious XDG Desktop .desktop file. On most modern systems, desktop files are not trusted by default. The user will receive a warning prompt that the file is not trusted when running the file, but may choose to run the file anyway. The default file manager...

📄 Malicious Windows Script Host VBScript File

This Metasploit module creates a Windows Script Host WSH VBScript .vbs file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host VBScript .vbs File', 'Description' = %...

shellshocker-pocs

This repository contains a collection of Proof of Concepts PoCs and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...

Exploit for Classic Buffer Overflow in Microsoft

ExplodingCan An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA. Details Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow CVE: CVE-2017-7269 Disclosure date: March 31 2017 Affected product: Microsoft Windows Server 20...

Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware

CVE-2023-33538 – TP-Link TL-WR940N/841N Command Injection Met...

Exploit for Allocation of Resources Without Limits or Throttling in Openbsd Openssh

CVE-2025-26466 Metasploit module OpenSSH versions 9.5p1 to...

OS Command Exec, Unix Command Shell, Reverse UDP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocatudp msf payloadreversesocatudp show actions ...actions... msf payloadreversesocatudp set ACTION msf payloadreversesocatudp show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via php)

Execute an OS command from PHP. Creates an interactive shell via php, uses SSL Module Options msf use payload/php/unix/cmd/reversephpssl msf payloadreversephpssl show actions ...actions... msf payloadreversephpssl set ACTION msf payloadreversephpssl show options ...show and set options... msf...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Blackash-CVE-2025-24071 CVE-2025-24071: NTLM Hash Leak via...

📄 Langflow AI Remote Code Execution

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

Appsmith RCE

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. Module Options msf use exploit/linux/http/appsmithrcecve202455964 msf exploitappsmithrcecve202455964 show targets ...targets... msf...

📄 Appsmith Remote Code Execution

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CrushFTP AWS4-HMAC Authentication Bypass

This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...

Sitecore CVE-2025-27218 BinaryFormatter Deserialization

This Metasploit module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. This module requires Metasploit: https://metasploit.com/download Current...

CVE-2024-55964

creationtimestamp| type| source ---|---|--- 2025-03-26 20:25:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8967 2025-03-26 22:15:26+00:00| seen| https://t.me/cvedetector/21220 2025-04-07 14:00:17+00:00| seen|...