Metasploit Release Notes

Jun 30, 2025
4.22.8-2025063001

Introduces four new RCE exploit modules targeting vulnerabilities in vBulletin, WP Tatsu, Window's UNC path handling in .url files, and more.

Jun 19, 2025
4.22.7-2025061901

This version improves logging when running msfupdate on Linux environments.

Jun 12, 2025
4.22.7-2025061201

This version introduces 24 new modules, including RCEs for Ivanti EPM and Connect Secure, and Kerberos attack modules. It also features one enhanced module, 16 general enhancements (e.g., UI improvements, SOCKS5H support, Kerberoast and ASREP roasting additions), and 25 bug fixes covering various crashes, UI issues, and module functionalities.

May 22, 2025
4.22.7-2025052201

Fixes a crash when loading the exploit scan page, as well as other stability improvements.

May 12, 2025
4.22.7-2025051201

Introduces several enhancements, including improved web app testing with server name indication support, auxiliary module now show in in the related modules tab, and customizable Nmap host discovery options. New modules include exploits for CVE-2025-32433 and CVE-2025-2264, alongside a login scanner for OPNSense, and more.

May 01, 2025
4.22.7-2025050101

This release adds workflow improvements for replaying tasks, and storing PKCS#12 files as credentials in the Manage Credentials page. Improvements have been added for LDAP Active Directory secret extraction, as well as introducing new modules for exploiting BentoML (CVE-2025-32375), Craft CMS (CVE-2025-32432), and more.

Apr 21, 2025
4.22.7-2025042101

This release adds clearer error messages for invalid Nexpose console configuration, additional insights into the HTTP/HTTPS bruteforce targets, a new card view for module search, and fixes and improvements to the backup restoration process, as well as overall service stability when booting. This release also adds support for multiple new exploit modules targeting CrushFTP, pgAdmin, Oracle Access Manager (OAM), and more.

Apr 06, 2025
4.22.7-2025040601

Enhances the module search capabilities, users can now search for fetch payloads and refine their search results with additional search terms. Adds support for replaying previously run modules and MetaModules from the tasklist view. Fixes multiple bugs including improvements for Linux targets. Adds new exploits targeting BeyondTrust, MySCADA, SCCM and more.

Feb 20, 2025
4.22.7-2025022001

Fixes outdated documentation links. Users can now right-click and paste wordlists into the bruteforce page. Includes fixes for the stop tasks button not visually updating the module status, and better error handling when failing to reset the user's password. Multiple enhancements for LDAP and ESC features including ESC15 patch detection within the `icpr_cert` module. New modules include support for targeting CraftCMS, LibreNMS, mySCADA, and more.

Jan 22, 2025
4.22.7-2025012201

The module run page now allows users to select between executing the check or run capabilities of a Metasploit module. This release also contains multiple stability improvements including reduced startup time, enhanced support for restoring backups on newer versions of Chrome, enhanced diagnostics tooling, and more.