18 matches found
Metasploit Wrap-Up 03/06/2026
Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new RCE toys in the box Tactical RMM via Jinja2 SSTI and an unauthenticated MajorDoMo exploit. Still, the underlying theme is payloads: more control over how they are packaged and...
Tactical RMM Jinja2 SSTI Remote Code Execution
This module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Python code...
Signed malware impersonating workplace apps deploys RMM backdoors
In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. Phishing emails directed users to download malicious...
📄 Tactical RMM 1.3.1 Jinja2 Server-Side Template Injection
This Metasploit module targets a server-side template injection vulnerability in Tactical RMM's template preview endpoint. The implementation is clearly marked as experimental and manually ranked due to the inherently unstable exploitation technique it relies on. The module attempts to achieve...
Exploit for CVE-2025-69516
CVE-2025-69516 - Tactical RMM Remote Code Execution This repo...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
CVE-2025-69516
A Server-Side Template Injection SSTI vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...
Tactical RMM security vulnerabilities
Tactical RMM is an open-source remote monitoring and management tool developed by AmidaWare Inc. Versions of Tactical RMM prior to v1.3.1 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the templatemd parameter, which could lead to server-side templat...
PT-2026-5334
Name of the Vulnerable Software and Affected Versions Amidaware Tactical RMM versions prior to 1.3.2 Description A Server-Side Template Injection SSTI exists in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM. The issue stems from insufficient sanitization of the template md...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
CVE-2025-69517
CVE-2025-69517 involves Amidaware Inc Tactical RMM v1.3.1 and earlier. A remote HTML injection occurs when creating a new agent via POST /api/v3/newagent/; the agent_id field (max 255 chars) is sanitized with DOMPurify.sanitize() with html: true, which does not filter HTML adequately. The injecte...
CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...
PT-2026-5133
Name of the Vulnerable Software and Affected Versions Amidaware Inc Tactical RMM versions prior to 1.3.2 Description A remote attacker can execute arbitrary code through the /api/tacticalrmm/apiv3/views.py component. Recommendations Update to a version later than 1.3.1...
EUVD-2025-206495
An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component...