Don’t forget to take the Metasploit User Engagement Survey!
We had an awesome time at DEF CON and Black Hat with our very own zeroSteiner and jheysel-r7 presenting on five different occasions! We announced our user engagement survey there, and would love for all of you to participate until the end of August 2025! This will help us so much in understanding what the future of Metasploit can and will be! Fill it out here!
New module content (3)
PivotX Remote Code Execution
Authors: HayToN and msutovsky-r7
Type: Exploit
Pull request: #20400 contributed by msutovsky-r7
Path: linux/http/pivotx_index_php_overwrite
AttackerKB reference: CVE-2025-52367
Description: This adds an exploit module leveraging an authenticated RCE in PivotX tracked as CVE-2025-52367. Authenticated users are able to overwrite the /pivotx/index.php endpoint with a php payload which gets executed in the context of the user running the web application. The module restores the original contents of the /pivotx/index.php endpoint once a session is established.
Wazuh server remote code execution caused by an unsafe deserialization vulnerability.
Authors: DanielFi and h00die-gr3y
Type: Exploit
Pull request: #20387 contributed by h00die-gr3y
Path: linux/http/wazuh_auth_rce_cve_2025_24016
AttackerKB reference: CVE-2025-24016
Description: This adds an exploit module for an authenticated RCE in Wazuh Servers tracked as CVE-2025-24016. Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers.
Windows Download Execute
Author: Muzaffer Umut ŞAHİN
Type: Payload (Single)
Pull request: #20386 contributed by xHector1337
Path: windows/x64/download_exec
Description: This adds a new payload; the payload/windows/x64/download_execute can be used to download and execute a binary over http, with a reduced code size.
Enhancements and features (2)
- #20445 from zeroSteiner - This update improves the ActiveDirectory mixin by skipping unnecessary LDAP lookups for the well-known local system SID (S-1-5-18). By handling it as a special case, repeated redundant queries are avoided, reducing noise in verbose logs and improving performance.
- #20451 from bcoles - This adds new fetch command - lwp-request GET. The command is currently enabled as an option for Linux targets.
Bugs fixed (3)
- #20458 from adfoster-r7 - Fixes a rendering issue within the Kerberos documentation.
- #20461 from adfoster-r7 - Improves the login summary for LDAP login module when LDAP::Auth=schannel is set, as well as fixing an edge-case error when the module was canceled before completion.
- #20462 from adfoster-r7 - Fixes a logging bug when handling Kerberos authentication errors.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
