
Metasploit Wrap-Up 06/27/25

Last updated on Jun 27, 2025

Tell us your whoami

Metasploit is seeking information about our users again. Come tell us about yourself and what you use Metasploit for on X (formerly Twitter) by casting your vote. Voting closes on July 3rd, 2025. Each vote helps us better understand where Metasploit is being used in the community and helps guide our development to meet specific needs. Stay tuned for more polls as we continue to seek community feedback! We want to hear from you!

New module content (3)

vBulletin replaceAdTemplate Remote Code Execution

Authors: Egidio Romano (EgiX), Valentin Lobstein
Type: Exploit
Pull request: #20235 contributed by Chocapikk
Path: exploit/multi/http/vbulletin_replace_ad_template_rce

Description: This adds an unauthenticated RCE module which exploits a flaw in vBulletin 5.0.0–6.0.3 on PHP 8.1+ by abusing the replaceAdTemplate AJAX endpoint. This vulnerability is identified as CVE-2025-48827.

Tatsu Wordpress Plugin RCE

Authors: Vincent Michel, msutovsky-r7
Type: Exploit
Pull request: #20301 contributed by msutovsky-r7
Path: exploit/multi/http/wp_tatsu_rce

Description: This adds an exploit module for a file upload vulnerability in the WordPress Tatsu plugin (CVE-2021-25094).

CVE-2025-33053 Exploit via Malicious .URL File and WebDAV

Authors: Alexandra Gofman, Alexandra Gofman, Dev Bui Hieu
Type: Exploit
Pull request: #20324 contributed by DevBuiHieu
Path: exploit/windows/fileformat/unc_url_cve_2025_33053

Description: This adds a module for exploitation of CVE-2025-33053, a vulnerability in the handling of UNC paths contained in .url files. The module will drop a malicious .url file, which will reach out to an attacker-controlled SMB server where the payload is hosted. An attacker can gain RCE if they can force the user to click on this malicious .url file.
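
A defender-side check for the file format described above, as an added example that is not part of the original post or of the Metasploit module: it parses a .url file's [InternetShortcut] section and reports path fields that point at a remote UNC or WebDAV host. The set of keys inspected, the function names and the sample files are assumptions made for this illustration.

```python
import re

# Assumption: these [InternetShortcut] keys are the ones treated as path-bearing here.
PATH_KEYS = {"url", "workingdirectory", "iconfile"}
# Remote forms: \\host\share and file://host/...; host@SSL, host@port or DavWWWRoot hint at WebDAV.
UNC_RE = re.compile(r"^\\\\(?P<host>[^\\/]+)[\\/]")
FILE_URL_RE = re.compile(r"^file:/{2}(?P<host>[^/\\]+)[/\\]", re.I)
WEBDAV_HINT_RE = re.compile(r"@(ssl|\d{1,5})\b|davwwwroot", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1", ".", "?"}  # loopback and \\.\ / \\?\ device prefixes

# Constructed samples (not captured files); hosts use documentation-reserved names and ranges.
SUSPICIOUS = r"""[InternetShortcut]
URL=file://fileserver.example/share/readme.txt
WorkingDirectory=\\203.0.113.10@SSL\DavWWWRoot\tools
"""
BENIGN = r"""[InternetShortcut]
URL=https://docs.metasploit.com/
IconFile=C:\Windows\System32\shell32.dll
"""


def parse_internet_shortcut(text):
    """Return {lowercased key: value} for the [InternetShortcut] section only."""
    fields, in_section = {}, False
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "internetshortcut"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip().strip('"')
    return fields


def remote_path_findings(text):
    """List (key, host, hint) for each path field that points at another host."""
    findings = []
    for key, value in parse_internet_shortcut(text).items():
        if key not in PATH_KEYS:
            continue
        m = UNC_RE.match(value) or FILE_URL_RE.match(value)
        if not m or m.group("host").lower() in LOCAL_HOSTS:
            continue
        hint = "webdav" if WEBDAV_HINT_RE.search(value) else "unc"
        findings.append((key, m.group("host"), hint))
    return findings


if __name__ == "__main__":
    print(remote_path_findings(SUSPICIOUS))
```

A finding is a triage signal rather than a verdict: internal shortcuts to file shares will also match, so compare the reported host against the hosts your environment expects.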

Enhancements and features (3)

  • #20326 from 00nx - Updates the alias plugin to additionally output the total number of aliases registered.
  • #20327 from cgranleese-r7 - Adds a new -v option to the vulns command which will additionally show any related vuln attempts associated with a vulnerability.
  • #20339 from bcoles - Makes multiple improvements to the exploits/windows/fileformat/ms_visual_basic_vbp module by adding additional notes, documentation, code quality improvements, and making stability and randomization improvements.

Bugs fixed (4)

  • #20206 from adfoster-r7 - This fixes a build error for the Mettle payloads (Linux and OSX Meterpreters) on Mac OS.
  • #20332 from todb - Updates the tools/modules/module_commits.rb tooling to support Python modules.
  • #20336 from BitTheByte - Specify the correct architecture ARCH_CMD in exploit/linux/http/opennms_horizon_authenticated_rce. This fixes a bug where users were unable to specify a payload when using this module.
  • #20337 from bcoles - Specify the correct architecture ARCH_CMD in exploit/linux/http/opentsdb_key_cmd_injection. This fixes a bug where users were unable to specify a payload when using this module.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.
