We want to hear from you!
Over the next few weeks, we’ll continue to put out user surveys on X as well as Mastodon so you can respond to some of the questions that will help us understand what you want and need from Metasploit Framework! We will also have a survey on our website during DEF CON and for part of August to get additional feedback from all of you. Keep an eye out!
New module content (5)
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
Authors: Krzysztof Zając, Valentin Lobstein, and X3RX3S Type: Auxiliary Pull request: #20375 contributed by Chocapikk Path: gather/wp_photo_gallery_sqli AttackerKB reference: CVE-2022-0169
Description: This adds a gather module for CVE-2022-0169, an unauthenticated SQL injection in the Photo Gallery by 10Web plugin (≤ 1.6.0), which will provide Metasploit users with WordPress usernames and password hashes when run successfully.
Xorcom CompletePBX Arbitrary File Read and Deletion via systemDataFileName
uthor: Valentin Lobstein Type: Auxiliary Pull request: #20338 contributed by Chocapikk Path: scanner/http/xorcom_completepbx_diagnostics_file_read AttackerKB reference: CVE-2025-30005
Description: This pull request adds support for three authenticated vulnerabilities existing in Xorcom CompletePBX before version 5.2.35. It introduces two auxiliary modules for arbitrary file disclosure (CVE-2025-2292) and diagnostics archive extraction (CVE-2025-30005), as well as one exploit module for remote code execution as root via the scheduler interface (CVE-2025-30004).
Xorcom CompletePBX Authenticated File Disclosure via Backup Download
Author: Valentin Lobstein Type: Auxiliary Pull request: #20338 contributed by Chocapikk Path: scanner/http/xorcom_completepbx_file_disclosure AttackerKB reference: CVE-2025-2292
Description: This pull request adds support for three authenticated vulnerabilities existing in Xorcom CompletePBX before version 5.2.35. It introduces two auxiliary modules for arbitrary file disclosure (CVE-2025-2292) and diagnostics archive extraction (CVE-2025-30005), as well as one exploit module for remote code execution as root via the scheduler interface (CVE-2025-30004).
Xorcom CompletePBX Authenticated Command Injection via Task Scheduler
Author: Valentin Lobstein Type: Exploit Pull request: #20338 contributed by Chocapikk Path: linux/http/xorcom_completepbx_scheduler AttackerKB reference: CVE-2025-30004
Description: This pull request adds support for three authenticated vulnerabilities existing in Xorcom CompletePBX before version 5.2.35. It introduces two auxiliary modules for arbitrary file disclosure (CVE-2025-2292) and diagnostics archive extraction (CVE-2025-30005), as well as one exploit module for remote code execution as root via the scheduler interface (CVE-2025-30004).
Malicious Windows Registration Entries (.reg) File
Author: bcoles Type: Exploit Pull request: #20384 contributed by bcoles Path: windows/fileformat/windows_registration_entries
Description: This adds a fileformat module for Windows Registration Entries. The module will drop a malicious .reg file. When clicked on by the user, it will add payload into Windows Registry. The payload will run upon login of the current user.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro