module

LINQPad Deserialization

Disclosed	Created
Dec 3, 2024	Nov 11, 2025

Disclosed

Dec 3, 2024

Created

Nov 11, 2025

Description

This module exploits a bug in LIQPad up to version 5.48.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restarts.

Authors

msutovsky-r7 [email protected]
James Williams

Platform

Windows

Architectures

cmd

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/persistence/linqpad_deserialization
    msf exploit(linqpad_deserialization) > show targets
        ...targets...
    msf exploit(linqpad_deserialization) > set TARGET < target-id >
    msf exploit(linqpad_deserialization) > show options
        ...show and set options...
    msf exploit(linqpad_deserialization) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report