This week's update to the Metasploit Framework offers a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting commonly used enterprise software.
The highlight of this release is a sophisticated trio of modules directed at FreePBX, alongside critical remote code execution (RCE) capabilities for Cacti and SmarterMail.
This update underscores the continued risk posed by chaining authentication bypass flaws with secondary vulnerabilities to achieve full system compromise.
FreePBX Vulnerability Chaining
The most significant addition to the framework involves three distinct modules targeting FreePBX, an open-source GUI that controls Asterisk (PBX). Researchers Noah King and msutovsky-r7 have developed a way to chain multiple vulnerabilities to escalate privileges from an unauthenticated state to remote code execution.
The attack chain begins with CVE-2025-66039, an authentication bypass vulnerability that allows unauthorized actors to bypass login protocols. Once the authentication barrier is breached, the framework offers two distinct paths to RCE.
The first exploit path leverages a SQL injection vulnerability identified as CVE-2025-61675. By injecting malicious SQL commands, an attacker can manipulate the database to insert a new job into the cron_job table, effectively scheduling the execution of arbitrary code.
Alternatively, the second module exploits CVE-2025-61678, an unrestricted file upload flaw present in the firmware upload function. This allows the attacker to upload a webshell directly to the server, granting immediate control.
A third auxiliary module in this set uses the same SQL injection flaw to simply create a rogue administrator account, demonstrating the versatility of the exploit chain.
Critical RCE in Cacti and SmarterMail
Beyond the VoIP sector, the update addresses severe flaws in monitoring and communication platforms. A new module targets Cacti, a popular network monitoring tool, specifically exploiting CVE-2025-24367.
This vulnerability affects versions prior to 1.2.29 and allows unauthenticated remote code execution via the graph template mechanism. Given Cacti's widespread use in infrastructure monitoring, this module represents a high-priority test case for network administrators.
Concurrently, the framework has added support for exploiting CVE-2025-52691 in SmarterTools SmarterMail. This unauthenticated file upload vulnerability relies on path traversal manipulation within the guid variable.
The module is notably flexible regarding the underlying operating system. If the target is running Windows, the exploit drops a webshell in the webroot directory. Conversely, if the target is a Linux environment, it achieves persistence and execution by creating a cron job in /etc/cron.d.
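Because the SmarterMail flaw relies on path traversal within the guid variable, a defender can flag any logged guid value that is not a canonical GUID. The Python below is an added example, not code from Metasploit or SmarterTools; the guid=<value> log field, the /hypothetical-upload path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Canonical 8-4-4-4-12 hexadecimal GUID.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumed log shape: the value is recorded as a guid=<value> field.
FIELD_RE = re.compile(r"\bguid=([^\s&\"]+)")
# Dot-dot sequences, path separators, NUL bytes or a drive-letter prefix.
TRAVERSAL_RE = re.compile(r"\.\.|[/\\\x00]|^[A-Za-z]:")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_guid(raw):
    """Return 'ok', 'traversal' or 'malformed' for one logged guid value."""
    value = fully_decode(raw)
    if GUID_RE.fullmatch(value):
        return "ok"
    if TRAVERSAL_RE.search(value):
        return "traversal"
    return "malformed"

def scan(lines):
    """Return (line_number, verdict, decoded_value) for each non-conforming guid."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for raw in FIELD_RE.findall(line):
            verdict = classify_guid(raw)
            if verdict != "ok":
                findings.append((number, verdict, fully_decode(raw)))
    return findings

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = [
    "203.0.113.10 POST /hypothetical-upload guid=3f2504e0-4f89-11d3-9a0c-0305e82c3301 200",
    "203.0.113.77 POST /hypothetical-upload guid=..%2f..%2fplaceholder 200",
    "203.0.113.77 POST /hypothetical-upload guid=%252e%252e%255cplaceholder 200",
    "198.51.100.4 POST /hypothetical-upload guid=not-a-guid 400",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same strict-format check belongs on the server side: a value that fails it should be rejected before it is ever joined into a file path.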
The release also enhances post-exploitation capabilities with new persistence modules. A new Burp Suite extension persistence module allows attackers to install a malicious extension on both the Pro and Community versions, causing it to execute whenever the user launches the application. Additionally, the team has consolidated Windows and Linux SSH key persistence into a single, unified module to streamline operations.
On the maintenance front, several important bugs have been addressed. A formatting issue that prevented hash data from being compatible with the John the Ripper password cracker has been resolved.
Additionally, a logic error in the SSH login scanner, which previously reported successful logins as failures when sessions could not be opened, has been fixed to ensure accurate reporting during engagements.
| Module Name | CVE ID | Target System | Impact |
| --- | --- | --- | --- |
| FreePBX Endpoint SQLi | CVE-2025-66039, CVE-2025-61675 | FreePBX | Remote Code Execution |
| FreePBX Firmware Upload | CVE-2025-66039, CVE-2025-61678 | FreePBX | Remote Code Execution |
| FreePBX Admin Creation | CVE-2025-66039, CVE-2025-61675 | FreePBX | Privilege Escalation |
| Cacti Graph Template RCE | CVE-2025-24367 | Cacti (< 1.2.29) | Remote Code Execution |
| SmarterMail GUID Upload | CVE-2025-52691 | SmarterMail | Remote Code Execution |
| Burp Extension Persistence | N/A | Burp Suite | Persistence |
| SSH Key Persistence | N/A | Linux / Windows | Persistence |
