Aug 04, 2025
4.22.8-2025080401
Adds multiple improvements and support for Active Directory Certificate Services (AD CS) workflows and exploitation.
Aug 04, 2025
4.22.8-2025080401
Adds multiple improvements and support for Active Directory Certificate Services (AD CS) workflows and exploitation.
Jul 30, 2025
4.22.8-2025073001
This release adds 5 new modules, enhances 1 module, and fixes 1 bug. It includes new modules for Xorcom CompletePBX vulnerabilities, a WordPress SQL injection gather module, and fileformat modules for Windows Registry and JScript files.
Jul 18, 2025
4.22.8-2025071801
This release adds 6 new modules and includes fixes to the Quick PenTest wizard, improved vulnerability attempt tracking, security updates and module bug fixes.
Jun 30, 2025
4.22.8-2025063001
Introduces four new RCE exploit modules targeting vulnerabilities in vBulletin, WP Tatsu, Window's UNC path handling in .url files, and more.
Jun 19, 2025
4.22.7-2025061901
This version improves logging when running msfupdate on Linux environments.
Jun 12, 2025
4.22.7-2025061201
This version introduces 24 new modules, including RCEs for Ivanti EPM and Connect Secure, and Kerberos attack modules. It also features one enhanced module, 16 general enhancements (e.g., UI improvements, SOCKS5H support, Kerberoast and ASREP roasting additions), and 25 bug fixes covering various crashes, UI issues, and module functionalities.
May 22, 2025
4.22.7-2025052201
Fixes a crash when loading the exploit scan page, as well as other stability improvements.
May 12, 2025
4.22.7-2025051201
Introduces several enhancements, including improved web app testing with server name indication support, auxiliary module now show in in the related modules tab, and customizable Nmap host discovery options. New modules include exploits for CVE-2025-32433 and CVE-2025-2264, alongside a login scanner for OPNSense, and more.
May 01, 2025
4.22.7-2025050101
This release adds workflow improvements for replaying tasks, and storing PKCS#12 files as credentials in the Manage Credentials page. Improvements have been added for LDAP Active Directory secret extraction, as well as introducing new modules for exploiting BentoML (CVE-2025-32375), Craft CMS (CVE-2025-32432), and more.
Apr 21, 2025
4.22.7-2025042101
This release adds clearer error messages for invalid Nexpose console configuration, additional insights into the HTTP/HTTPS bruteforce targets, a new card view for module search, and fixes and improvements to the backup restoration process, as well as overall service stability when booting. This release also adds support for multiple new exploit modules targeting CrushFTP, pgAdmin, Oracle Access Manager (OAM), and more.