Post Syndicated from Diego Ledda original https://blog.rapid7.com/2025/02/21/metasploit-weekly-wrap-up-46/

BeyondTrust and Fetch Payload

This Metasploit release includes an exploit module that chains two vulnerabilities, one exploited in the wild by APT groups and another one, a 0-day discovered by Rapid7 during the vulnerability analysis.
In addition to that, a significant improvement was made to Fetch-Payloads by adding support for the ppc, mips and arm architectures. This allows the payloads to be used in exploits that commonly target embedded systems.

New module content (3)

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution

Author: sfewer-r7
Type: Exploit
Pull request: #19877 contributed by sfewer-r7
Path: linux/http/beyondtrust_pra_rs_unauth_rce
AttackerKB reference: CVE-2025-1094

Description: The module exploits two bugs CVE-2024-12356 and CVE-2025-1094, an argument injection in BeyondTrust code base and SQL injection in PostgreSQL code base, respectively.

InvokeAI RCE

Authors: Takahiro Yokoyama and jackfromeast
Type: Exploit
Pull request: #19883 contributed by Takahiro-Yoko
Path: linux/http/invokeai_rce_cve_2024_12029
AttackerKB reference: CVE-2024-12029

Description: This adds an exploit module for InvokeAI unauth RCE (CVE-2024-12029).

Fetch Payload Update

Authors: Adam Cammack [email protected], Brendan Watters, and Spencer McIntyre
Type: Payload
Pull request: #19850 contributed by bwatters-r7

Description: This extends the fetch-payload support for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64 and ppc64le payloads.

Enhancements and features (3)

• #19884 from adfoster-r7 – Add OSVDB search functionality to msfconsole e.g. search osvdb:67241.
• #19885 from adfoster-r7 – Improve msfconsole’s module search performance by caching search regexes.
• #19887 from adfoster-r7 – Updates the reload_lib command to ignore Gemfiles.

Bugs fixed (3)

• #19810 from h00die – Adds a verification to the file content checks so that we don’t crash when trying to open files that do not exist and adds proper CVE to references section now that a CVE exists.
• #19871 from bwatters-r7 – This fix the ELF template file for Linux aarch64 payloads.
• #19875 from dledda-r7 – Adds a fix for the odd behavior of the read syscall on Raspberrypi 4b. For some reason, on the Raspberry Pi 4B, the data read from the socket is not present immediately after the read syscall, so we added a sync syscall. This behavior is not present in Raspberry Pi 3, Raspberry Pi 5, emulators, or Microsoft’s AARCH64 Devkit.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 6.4.49…6.4.50
• Full diff 6.4.49…6.4.50

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro