Persistence Improvements and Exploits
This week, the Metasploit team and the community have made improvements to some persistence modules, such as Bash, that improve how they function behind the scenes. They have also been tagged with MITRE ATT&CK techniques.
A new exploit has also been added this week targeting the sudo binary, allowing for local privilege escalation due to the interaction between the --chroot flag and the /etc/nsswitch.conf file.
New module content (4)
Sudo Chroot 1.9.17 Privilege Escalation
Authors: Rich Mirch, Stratascale, and msutovsky-r7
Type: Exploit
Pull request: #20376 contributed by msutovsky-r7
Path: linux/local/sudo_chroot_cve_2025_32463
AttackerKB reference: CVE-2025-32463
Description: Adds a module targeting CVE-2025-32463, a local privilege escalation vulnerability in sudo before version 1.9.17p1. The exploit requires a C compiler to be present on the target machine.
Bash Profile Persistence
Author: Michael Long
Type: Exploit
Pull request: #20504 contributed by h00die
Path: linux/persistence/bash_profile
Description: Moves the bash profile exploit module into the persistence category. It leverages new functionality for persistence modules by adding the persistence mixin.
Remote Code Execution Vulnerability in XWiki Platform (CVE-2025-24893)
Authors: John Kwak and Maksim Rogov
Type: Exploit
Pull request: #20493 contributed by vognik
Path: multi/http/xwiki_unauth_rce_cve_2025_24893
AttackerKB reference: CVE-2025-24893
Description: This adds a new exploit module for XWiki unauthenticated remote code execution - CVE-2025-24893.
Periodic Script Persistence
Authors: gardnerapp and msutovsky-r7
Type: Exploit
Pull request: #19903 contributed by gardnerapp
Path: multi/local/periodic_script_persistence
Description: This adds a module for periodic script persistence. The module creates a periodic script on systems that support that functionality, i.e. BSD systems and OSX.
Enhancements and features (2)
- #20490 from zeroSteiner - This adds a new HTTP::Auth option to HTTP modules, adding the capability to define specific authentication mechanisms, such as ntlm or, most notably, kerberos.
- #20504 from h00die - This moves the bash profile exploit module into the persistence category. It leverages new functionality for persistence modules by adding the persistence mixin.
Bugs fixed (2)
- #20500 from cgranleese-r7 - Fixes a bug with msfconsole when the user provided database connection URL string contained query parameters.
- #20505 from randomstr1ng - This fixes a bug in the sap_router_portscanner module.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.