Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878 contributed by h4x-x0r
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
Description: This module adds credential harvesting for MySCADA MyPro Manager using CVE-2025-24865 and CVE-2025-22896.

Authors: chebuya and msutovsky-r7
Type: Auxiliary
Pull request: #19881 contributed by msutovsky-r7
Path: scanner/http/netalertx_file_read
AttackerKB reference: CVE-2024-48766
Description: This adds an auxiliary module allowing arbitrary file read on vulnerable (CVE-2024-48766) NetAlertX targets.

Authors: horizon3ai, imjdl, and jheysel-r7
Type: Auxiliary
Pull request: #19894 contributed by jheysel-r7
Path: scanner/http/simplehelp_toolbox_path_traversal
AttackerKB reference: CVE-2024-57727
Description: This adds an auxiliary module for SimpleHelp; the vulnerability (CVE-2024-57727) is a path traversal which allows arbitrary file read.

Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
Type: Exploit
Pull request: #19897 contributed by h00die-gr3y
Path: linux/http/invoiceninja_unauth_rce_cve_2024_55555
AttackerKB reference: CVE-2024-55555
Description: This adds an exploit module for Invoice Ninja. The vulnerability (CVE-2024-55555) is an unauthenticated RCE that is exploitable when the APP_KEY value for the Laravel installation is known.

Authors: h00die-gr3y and h0ng10
Type: Exploit
Pull request: #19841 contributed by h00die-gr3y
Path: linux/http/raspberrymatic_unauth_rce_cve_2024_24578
AttackerKB reference: CVE-2024-24578
Description: Adds support for CVE-2024-24578, an unauthenticated file write and ZipSlip vulnerability that lets attackers upload a compressed file which is expanded automatically without being bounds-checked, allowing the overwrite of arbitrary files. In this case, we overwrite the watchdog script, which is run by a cron job every 5 minutes.

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.