New module content (4)
- #19952 - This adds a new module for obtaining NAA credentials from SCCM by authenticating through a relayed SMB connection.
- #19992 - This adds a login scanner module for OPNSense.
- #20060 - This adds a module which exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows for remote command execution as the root user. By sending crafted SSH packets, it executes a Metasploit payload to establish a session on the target system.
- #20124 - This adds an auxiliary module for CVE-2025-2264. The vulnerability is present in Sante PACS Server and allows an attacker to perform path traversal to read arbitrary files.
Enhancements and features (12)
- Pro: Adds the `auxiliary/scanner/ldap/ldap_esc_vulnerable_cert_finder` module to Metasploit Pro's Quick Pentest feature.
- Pro: Adds truncated module descriptions to the module search page.
- Pro: Metasploit Pro will now show auxiliary modules in the related modules tabs for vulnerabilities; previously, only exploit modules were shown.
- Pro: Updates the Web App Test wizard to work against modern TLS versions. The crawler user agent has also been updated to a modern value to increase the chances of bypassing a web application firewall which was previously blocking the older user agent value.
- Pro: Adds more user configurable host discovery options for Nmap scans.
- Pro: Updates the webcrawler scans to support a user-provided custom User Agent value and HTTP tracing functionality for debugging purposes.
- #20027 - This adds support for Shodan facets.
- #20115 - Updates multiple HTTPS modules to support a new `SSLKeyLogFile` option, which facilitates decrypting messages exchanged by TLS. This can be used in diagnostic and logging tools that use this file, such as Wireshark.
- #20116 - This adds support for .library-ms files in Windows SMB multi dropper.
- #20126 - This adds a Linux post-exploitation method to check Yama's `ptrace_scope` setting. It removes a round trip required to obtain the scope value, making modules that need to know it run slightly faster.
- #20127 - This improves the start-up time of `msfconsole` when run with the default options by not sorting module options at load time.
- #20173 - Updates the web crawling modules to support HTTP logging.
Bugs fixed (4)
- #20118 - This fixes the target option for the `smb_to_ldap` module. The option `RELAY_TARGETS` is now outdated; `RHOSTS` should be used instead.
- #20120 - This fixes typos across many Windows post-exploit modules and adds missing metadata.
- #20128 - This fixes an IP address assignment in the `auxiliary/bnat/bnat_router` module.
- #20148 - This fixes an issue where SSL connections made by Metasploit would fail when the Server Name Indicator (SNI) extension was in use.