The highlight of this release is a sophisticated trio of modules directed at FreePBX, alongside critical remote code execution (RCE) capabilities for Cacti and SmarterMail.
This update underscores the continued risk posed by chaining authentication bypass flaws with secondary vulnerabilities to achieve full system compromise.
The most significant addition to the framework involves three distinct modules targeting FreePBX, an open-source GUI that controls Asterisk (PBX). Researchers Noah King and msutovsky-r7 have developed a method to chain multiple vulnerabilities to escalate privileges from an unauthenticated state to remote code execution.
The attack chain begins with CVE-2025-66039, an authentication bypass vulnerability that allows unauthorized actors to circumvent login protocols. Once the authentication barrier is breached, the framework offers two distinct paths to RCE.
The first exploit path leverages a SQL injection vulnerability identified as CVE-2025-61675. By injecting malicious SQL commands, an attacker can manipulate the database to insert a new job into the cron_job table, effectively scheduling the execution of arbitrary code.
Alternatively, the second module exploits CVE-2025-61678, an unrestricted file upload flaw present in the firmware upload function. This allows the attacker to upload a webshell directly to the server, granting immediate control.
A third auxiliary module in this set utilizes the same SQL injection flaw to simply create a rogue administrator account, demonstrating the versatility of the exploit chain.
Beyond the VoIP sector, the update addresses severe flaws in monitoring and communication platforms. A new module targets Cacti, a popular network monitoring tool, specifically exploiting CVE-2025-24367.
This vulnerability affects versions prior to 1.2.29 and permits unauthenticated remote code execution via the graph template mechanism. Given Cacti’s widespread use in infrastructure monitoring, this module represents a high-priority test case for network administrators.
Simultaneously, the framework has added support for exploiting CVE-2025-52691 in SmarterTools SmarterMail. This unauthenticated file upload vulnerability relies on path traversal manipulation within the guid variable.
The module is notably versatile regarding the underlying operating system. If the target is running Windows, the exploit drops a webshell in the webroot directory. Conversely, if the target is a Linux environment, it achieves persistence and execution by creating a cron job in /etc/cron.d.
The release also enhances post-exploitation capabilities with new persistence modules. A new Burp Suite extension persistence module allows attackers to install a malicious extension on both the Pro and Community versions, causing it to execute whenever the user launches the application. Additionally, the team has consolidated Windows and Linux SSH key persistence into a single, unified module to streamline operations.
On the maintenance front, several critical bugs were addressed. A formatting issue that prevented hash data from being compatible with the John the Ripper password cracker has been resolved.
Furthermore, a logic error in the SSH login scanner, which previously reported successful logins as failures when sessions could not be opened, has been fixed to ensure accurate reporting during engagements.
| Module Name | CVE ID | Target System | Impact |
|---|---|---|---|
| FreePBX Endpoint SQLi | CVE-2025-66039, CVE-2025-61675 | FreePBX | Remote Code Execution |
| FreePBX Firmware Upload | CVE-2025-66039, CVE-2025-61678 | FreePBX | Remote Code Execution |
| FreePBX Admin Creation | CVE-2025-66039, CVE-2025-61675 | FreePBX | Privilege Escalation |
| Cacti Graph Template RCE | CVE-2025-24367 | Cacti (< 1.2.29) | Remote Code Execution |
| SmarterMail GUID Upload | CVE-2025-52691 | SmarterMail | Remote Code Execution |
| Burp Extension Persistence | N/A | Burp Suite | Persistence |
| SSH Key Persistence | N/A | Linux / Windows | Persistence |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail appeared first on Cyber Security News.
WASHINGTON (AP) — President Donald Trump made new threats to escalate strikes in Iran on…
EASTHAMPTON — In an effort to create a clearer and more cohesive downtown, the city…
SHUTESBURY — Shutesbury officials are continuing to take corrective action following the recent release of…
AMHERST — After breakfast each morning, Amherst Regional High School sophomore Ra-Star Ferreira rode on…
DEERFIELD — With a tough budget year ahead, Deerfield officials are discussing the need for…
SUNDERLAND — Discussion on the proposal for a 9,100-square-foot Dollar General on the corner of…
This website uses cookies.