Enhancements and features
- Pro: Updates the Manage Credentials page to add `PKCS#12` metadata. This also enables the user to download the associated `.pfx` file.
- Pro: Adds additional reason details to the discovery scan task log when host and port details are detected.
- Pro: Adds the ability to show the settings that were used as part of a task run, as well as additional UI links for replaying previously run tasks or MetaModules.
- #19760 - This introduces a new `certs` command that allows users to manage and display Pkcs12 certificates stored in the credentials database, with options for searching, exporting, activating, and deleting certificates. It also enables automatic Pkcs12-based Kerberos (and Schannel) authentication through PKINIT when no Kerberos ticket is cached, streamlining TGT acquisition using existing certificates. This enhances both usability and flexibility when working with certificate-based authentication workflows.
- #20028 - This change modifies the existing pgAdmin modules by replacing some functionality with a new pgAdmin library.
- #20077 - Updates the haraka module to work with Python 3.12 and newer.
- #20097 - This updates the behavior of msfconsole's `run` command to allow the action name to be set in the same way as other datastore options, e.g. `run ACTION=SHOW`.
New module content
- #20017 - This updates and renames the `ldap_hashdump` module to `ldap_passwords`, extending its functionality to extract secrets used by LAPSv1 and LAPSv2 in Active Directory environments, alongside existing LDAP implementations. It simplifies usage by unifying techniques under one module and avoids requiring users to fingerprint the server type. Associated tests were also updated to include AD-specific data using Samba as a test LDAP server.
- #20046 - This adds an exploit module for an insecure deserialization in BentoML's runner server which leads to unauthenticated RCE. Versions prior to 1.4.8 but after 1.0.0a1 are affected. This vulnerability is being tracked as CVE-2025-32375.
- #20052 - Moves the module `exploits/dialup/multi/login/manyargs` to `exploits/solaris/dialup/manyargs`, as this module is now categorized by platform (solaris) rather than transport (dialup).
- #20081 - Adds a new `exploit/multi/http/wondercms_rce` module which exploits CVE-2023-41425, a file upload vulnerability. The module authenticates against the application using a given password, creates a zip file containing a malicious PHP file, and uploads it; the archive is then automatically parsed into the `/themes` directory.
- #20085 - This adds an exploit module for Craft CMS (CVE-2025-32432). The attack is possible via the image transform endpoint, which allows the injection of a PHP payload into the Craft session.
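The WonderCMS entry above describes the underlying weakness: an uploaded theme archive is unpacked server-side without its contents being checked. The following is an added defensive example, written for this page and not code from Metasploit or from WonderCMS, showing the audit an upload handler should perform before extraction. It rejects archive entries that carry a server-side script extension anywhere in the file name, entries whose path escapes the extraction directory, and symlink entries. The `FORBIDDEN_EXTENSIONS` policy and the sample archives are constructed for this example.

```python
"""Added defensive example (not Metasploit or WonderCMS code): audit an
uploaded theme archive before it is unpacked."""
import io
import posixpath
import zipfile

# Extensions a theme upload should never contain. Constructed policy for
# this example; tune it to the extensions the web server actually executes.
FORBIDDEN_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}


def audit_theme_archive(data: bytes) -> list[str]:
    """Return human-readable reasons to reject the archive.

    An empty list means every entry is a regular file with a safe name
    and a path that stays inside the extraction directory.
    """
    problems = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a valid zip archive: {exc}"]
    with zf:
        for info in zf.infolist():
            name = info.filename
            # Normalise the path and refuse anything that escapes the target.
            norm = posixpath.normpath(name.replace("\\", "/"))
            if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                problems.append(f"path escapes extraction directory: {name}")
                continue
            if info.is_dir():
                continue
            # Check every extension, so shell.php.jpg is still caught.
            parts = posixpath.basename(norm).lower().split(".")
            exts = {"." + p for p in parts[1:]}
            if exts & FORBIDDEN_EXTENSIONS:
                problems.append(f"executable server-side script: {name}")
            # Unix mode lives in the high 16 bits; symlinks can be abused too.
            mode = info.external_attr >> 16
            if mode & 0o170000 == 0o120000:
                problems.append(f"symlink entry: {name}")
    return problems


def build_sample_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample inputs: a clean theme and one smuggling PHP files.
CLEAN_THEME = build_sample_archive({
    "mytheme/style.css": b"body { color: #000; }",
    "mytheme/theme.html": b"<html></html>",
})
BAD_THEME = build_sample_archive({
    "mytheme/style.css": b"body {}",
    "mytheme/shell.php": b"<?php echo 'x'; ?>",
    "../../config.php": b"<?php ?>",
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_THEME), ("malicious", BAD_THEME)):
        print(label, audit_theme_archive(blob) or "OK")
```

The check runs on the archive bytes before any entry is written to disk, which is the point: an extraction step that trusts entry names is exactly what turns a theme upload into code execution.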
Enhanced Modules
Modules which have either been enhanced, or renamed:
- #20044 - Adds a target to the `service_permissions` module supporting CVE-2025-21293, allowing a lower-privileged user to add a DLL entry to `HKLM\System\CurrentControlSet\Services\Dnscache\` and coerce execution of the DLL as SYSTEM.
Bugs fixed
- Pro: Fixes a bug which stopped reports from rendering in the browser.
- #19938 - This updates the Meterpreter `extapi` extension's handling of clipboard data from the target host. For more information about this issue, please see the Metasploit Wrap Up for 02 May 2025.
- #20051 - Fixes out-of-date metadata for the `exploits/dialup/multi/login/manyargs` module, and fixes a logic bug in the code that handles bad characters.
- #20063 - Updates Ruby pingback payloads to correctly close the opened socket after use.
- #20064 - Fixes IPv6 support in the `cmd/unix/reverse_php_ssl` payload.