New module content (2)
Pretalx Arbitrary File Read/Limited File Write
Authors: Stefan Schiller and msutovsky-r7
Type: Auxiliary and Exploit
Pull request: #20480 contributed by msutovsky-r7
Path: auxiliary/scanner/http/pretalx_file_read_cve_2023_28459 and exploit/linux/http/pretalx_rce_cve_2023_28458
AttackerKB reference: CVE-2023-28458
Description: Adds two modules: one remote exploitation module targeting CVE-2023-28458, an authenticated limited file write, and a second auxiliary scanner module targeting CVE-2023-28459, an authenticated file read vulnerability.
Remote for Mac 2025.6 Unauthenticated UDP Keyboard RCE
Author: Chokri Hammedi
Type: Exploit
Pull request: #20266 contributed by blue0x1
Path: osx/misc/remote_for_mac_udp_rce
Description: This adds an exploit module for a UDP keyboard misconfiguration in Remote For Mac, up to version 2025.7. The module sends a sequence of UDP packets to Remote For Mac, which interprets them as keystrokes.
Enhancements and features (1)
- #20488 from mwalas-r7 - This updates the auxiliary/scanner/ssl/ssl_version module to use the rex-sslscan gem to check for additional ciphers that can be negotiated with the target. This results in a more comprehensive test.
Bugs fixed (1)
- #20489 from 2tunnels - This fixes an issue with the exploit for CVE-2023-43654 that was preventing the exploit requests from being served.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.
