Newsy.co

Metasploit Wrap-Up 04/18/2025

Smaller Fetch Payloads

Metasploit Wrap-Up 04/18/2025

This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. The improvement introduces a new option, PIPE_FETCH, which optimizes the process by serving both the payload and the command to be executed simultaneously.

This enhancement directly addresses the challenge of limited space by significantly reducing the size of the command that needs to be run. The PIPE_FETCH option works by initially generating a small command. When this compact command is executed, it fetches the actual, larger command that needs to be run. The fetched command is then directly piped into the shell, streamlining the execution process and making it feasible to use fetch payloads in scenarios where space constraints were previously a limitation.

New module content (2)

BentoML RCE

Authors: Takahiro Yokoyama and c2an1
Type: Exploit
Pull request: #20041 contributed by Takahiro-Yoko
Path: linux/http/bentoml_rce_cve_2025_27520
AttackerKB reference: CVE-2025-27520

Description: This adds a module for an unauthenticated remote code execution in BentoML (CVE-2025-27520).

Langflow AI RCE

Authors: Naveen Sunkavally (Horizon3.ai) and Takahiro Yokoyama
Type: Exploit
Pull request: #20022 contributed by Takahiro-Yoko
Path: multi/http/langflow_unauth_rce_cve_2025_3248
AttackerKB reference: CVE-2025-3248

Description: This adds a module for CVE-2025-3248, an unauthenticated RCE vulnerability that affects Langflow versions prior to 1.3.0.

Enhancements and features (4)

  • #19982 from jvoisin - Updates the Linux enum_protections module to use proper names instead of executable names and add a file-based detection method.
  • #20031 from bcoles - Adds metadata and improves the code quality of multiple FreeBSD exploit modules.
  • #20032 from bcoles - Improves the code quality of multiple nops modules.
  • #20035 from bcoles - Enhances the code quality of multiple encoder modules.

Bugs fixed (3)

  • #20005 from fabpiaf - Fixes a LoadError when loading sqlite3 modules in Metasploit's Docker support.
  • #20036 from bcoles - Fixes an issue with the exploit/windows/local/unquoted_service_path module that previously claimed a file upload was successful regardless of whether the file upload was successful or not.
  • #20043 from adfoster-r7 - Update Open WAN-to-LAN proxy on AT&T routers error handling when an older Python version is detected.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

  • Pull Requests 6.4.57...6.4.58
  • Full diff 6.4.57...6.4.58

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.