May 12, 2025
4.22.7-2025051201
Introduces several enhancements, including improved web app testing with server name indication support, auxiliary modules now shown in the related modules tab, and customizable Nmap host discovery options. New modules include exploits for CVE-2025-32433 and CVE-2025-2264, alongside a login scanner for OPNSense, and more.
New module content (4)
- #19952 - This adds a new module for obtaining NAA credentials from SCCM by authenticating through a relayed SMB connection.
- #19992 - This adds a login scanner module for OPNSense.
- #20060 - This adds a module which exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows for remote command execution as the root user. By sending crafted SSH packets, it executes a Metasploit payload to establish a session on the target system.
- #20124 - This adds an auxiliary module for CVE-2025-2264. The vulnerability is present in Sante PACS Server and allows an attacker to perform path traversal to read arbitrary files.
Enhancements and features (12)
- Pro: Adds the auxiliary/scanner/ldap/ldap_esc_vulnerable_cert_finder module to Metasploit Pro's Quick Pentest feature.
- Pro: Adds truncated module descriptions to the module search page.
- Pro: Metasploit Pro will now show auxiliary modules in the related modules tabs for vulnerabilities; previously, only exploit modules were shown.
- Pro: Updates the Web App Test wizard to work against modern TLS versions. The crawler user agent has also been updated to a modern value to increase the chances of bypassing a web application firewall which was previously blocking the older user agent value.
- Pro: Adds more user configurable host discovery options for Nmap scans.
- Pro: Updates the webcrawler scans to support a user-provided custom User Agent value and HTTP tracing functionality for debugging purposes.
- #20027 - This adds support for Shodan facets.
- #20115 - Updates multiple HTTPS modules to support a new SSLKeyLogFile option, which facilitates decrypting messages exchanged by TLS. This can be used in diagnostic and logging tools that use this file, such as Wireshark.
- #20116 - This adds support for .library-ms files in Windows SMB multi dropper.
- #20126 - This adds a Linux post-exploitation method to check Yama’s ptrace_scope setting. It removes a round trip required to obtain the scope value, making modules that need to know it run slightly faster.
- #20127 - This improves the start up time of msfconsole when run with the default options by not sorting module options at load time.
- #20173 - Updates the web crawling modules to support HTTP logging.
Bugs fixed (4)
- #20118 - This fixes the target option for the smb_to_ldap module. The option RELAY_TARGETS is now outdated; RHOSTS should be used instead.
- #20120 - This fixes typos across many Windows post-exploit modules and adds missing metadata.
- #20128 - This fixes an IP address assignment in the auxiliary/bnat/bnat_router module.
- #20148 - This fixes an issue where SSL connections made by Metasploit would fail when the Server Name Indication (SNI) extension was in use.