National Cyber Warfare Foundation (NCWF)

Metasploit Weekly Wrap-Up 04 11 2025


2025-04-11 18:11:29
milo
Red Team (CNA)

Spring Exploits



This weekly release of Metasploit Framework includes new RCE exploit modules for several vulnerable applications: Appsmith, a low-code application platform that ships with a misconfigured PostgreSQL instance (CVE-2024-55964); Pandora FMS, a monitoring solution in which, once access to the administrator panel has been gained, it is possible to inject commands (CVE-2024-12971); Oracle Access Manager, an SSO application containing an unauthenticated deserialization vulnerability (CVE-2021-35587); and the pgAdmin Query Tool, a powerful database management tool that lets an attacker turn database access into a shell (CVE-2025-2945).


New module content (5)


CrushFTP AWS4-HMAC Authentication Bypass


Authors: Outpost24 and remmons-r7

Type: Auxiliary

Pull request: #20000 contributed by remmons-r7

Path: gather/crushftp_authbypass_cve_2025_2825

AttackerKB reference: CVE-2025-2825


Description: Adds an auxiliary module leveraging CVE-2025-2825, an authentication bypass in CrushFTP 11 < 11.3.1 and 10 < 10.8.4, to obtain working session cookies for the target user account.


Appsmith RCE


Authors: Takahiro Yokoyama and Whit Taylor (Rhino Security Labs)

Type: Exploit

Pull request: #20007 contributed by Takahiro-Yoko

Path: linux/http/appsmith_rce_cve_2024_55964

AttackerKB reference: CVE-2024-55964


Description: This module adds an exploit for CVE-2024-55964, a misconfigured PostgreSQL instance in Appsmith, which can lead to remote code execution (RCE).


Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin


Author: h00die-gr3y (https://github.com/h00die-gr3y)

Type: Exploit

Pull request: #20008 contributed by h00die-gr3y

Path: linux/http/pandora_fms_auth_rce_cve_2024_12971

AttackerKB reference: CVE-2024-12971


Description: This module exploits CVE-2024-12971, a command injection in the directory settings of Pandora FMS. The module requires admin credentials, but if a MySQL instance with default credentials is exposed, the module creates a new admin profile itself.


Oracle Access Manager unauthenticated Remote Code Execution


Authors: Jang, Peterjson, Y4er, and sfewer-r7

Type: Exploit

Pull request: #19994 contributed by sfewer-r7

Path: multi/http/oracle_access_manager_rce_cve_2021_35587

AttackerKB reference: CVE-2021-35587


Description: This adds an exploit module for CVE-2021-35587, an unauthenticated deserialization vulnerability affecting Oracle Access Manager (OAM).


pgAdmin Query Tool authenticated RCE (CVE-2025-2945)


Authors: jheysel-r7 and pyozzi-toss

Type: Exploit

Pull request: #20018 contributed by jheysel-r7

Path: multi/http/pgadmin_query_tool_authenticated

AttackerKB reference: CVE-2025-2945


Description: A new module for CVE-2025-2945, authenticated remote code execution in pgAdmin. The vulnerability lies within the Query Tool. For successful exploitation, an attacker needs a set of valid credentials for pgAdmin and credentials for the target database.


Enhancements and features (5)



  • #20003 from zeroSteiner - Adds support for the LDAP protocol within RHOSTS, for example: use auxiliary/gather/ldap_query and run ldap://domain.local;Administrator:[email protected]/dc=domain,dc=local action=ENUM_ACCOUNTS.

  • #20006 from cgranleese-r7 - Adds additional metadata to the phpbb_highlight and ms10_061_spoolss modules.

  • #20015 from adfoster-r7 - Metasploit no longer attempts to load external modules whose runtime is not installed, since doing so previously caused crashes. Users are now notified when they need to install Go or Python3.

  • #20019 from adfoster-r7 - Improves metadata and enhances the APIs for extracting HTTP-compatible login scanners.

  • #20024 from cgranleese-r7 - Adds a new sslkeylogfile datastore option to HTTP modules to support decrypting SSL/TLS network traffic.


Bugs fixed (1)



  • #20013 from sjanusz-r7 - Fixes a crash when using the module search cache with an integer.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:


If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.




Source: Rapid7
Source Link: https://blog.rapid7.com/2025/04/11/metasploit-weekly-wrap-up-04-11-2025/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.