Metasploit Release Notes

Apr 06, 2025
4.22.7-2025040601

Enhances the module search capabilities, users can now search for fetch payloads and refine their search results with additional search terms. Adds support for replaying previously run modules and MetaModules from the tasklist view. Fixes multiple bugs including improvements for Linux targets. Adds new exploits targeting BeyondTrust, MySCADA, SCCM and more.

Feb 20, 2025
4.22.7-2025022001

Fixes outdated documentation links. Users can now right-click and paste wordlists into the bruteforce page. Includes fixes for the stop tasks button not visually updating the module status, and better error handling when failing to reset the user's password. Multiple enhancements for LDAP and ESC features including ESC15 patch detection within the `icpr_cert` module. New modules include support for targeting CraftCMS, LibreNMS, mySCADA, and more.

Jan 22, 2025
4.22.7-2025012201

The module run page now allows users to select between executing the check or run capabilities of a Metasploit module. This release also contains multiple stability improvements including reduced startup time, enhanced support for restoring backups on newer versions of Chrome, enhanced diagnostics tooling, and more.

Dec 06, 2024
4.22.7-2024120601

Multiple enhancements have been added to Metasploit Pro including improving the Quick Pentest functionality to include detecting unauthenticated Redis instances, adding support for bruteforcing TeamCity targets, and new exploit capabilities for OpenPrinting CUPS - which runs by default on most Linux distributions, and more.

Nov 19, 2024
4.22.6-2024111901

Updates the PostgreSQL version to 13. This upgrade may take more time than usual to complete.

Nov 14, 2024
4.22.5-2024111401

Adds additional logging and diagnostic tooling support for Metasploit Pro, as well 10 new modules including SolarWinds Web Help Desk (CVE-2024-28987) and more.

Nov 06, 2024
4.22.5-2024110601

Fixes an issue were users were unable to delete bulk credentials via the select all option when managing credentials for a project.

Oct 28, 2024
4.22.5-2024102801

This release updates the Ruby and nginx components of Metasploit Pro, and includes enhancements for ESC-15 and 4 new modules.

Oct 14, 2024
4.22.4-2024101401

We have updated Metasploit Pro's bruteforce capabilities to now support Kerberos scanning. We have also fixed multiple issues for Windows Server 2022 installations, as well as improved the installation time and bootup stability on all environments. This release also contains 8 new modules.

Sep 16, 2024
4.22.4-2024091601

We have updated Metasploit Pro's bruteforce capabilities to now support LDAP scanning. Metasploit Pro's network scanning capabilities have been improved. This release also includes 7 new modules, such as pgAdmin CVE-2024-3116, Ivanti Virtual Traffic Manager (vTM) CVE-2024-7593, and more. Users that are connecting to a Windows environment to perform their Metasploit Pro updates or installs (either via RDP, SSH, or similar) might have their connections to the server temporarily disconnect during this update - this is required to support the latest network scanning capabilities in Metasploit Pro.