New module content (1)
Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)
Authors: Maksim Rogov and prabhatverma47
Type: Exploit Pull request: #20585 contributed by vognik
Path: linux/http/motioneye_auth_rce_cve_2025_60787
AttackerKB reference: CVE-2025-60787
Description: Adds a module targeting CVE-2025-60787, an authenticated template injection vulnerability in MotionEye versions <= 0.43.1b4.
Enhancements and features (1)
#20621 from h00die - This updates and refactors the "periodic_script" persistence module to use new persistence mixin.
Bugs fixed (3)
#20608 from molecula2788 - Fixes a bug with the Windows PE Inject payload.
#20611 from bcoles - Fixes a bug in the exploit/multi/local/periodic_script_persistence module which caused issues for the Local Exploit Suggester.
#20546 from dwelch-r7 - This fixes multiple issues that were present in the auxiliary/scanner/ssh/ssh_login_pubkey module.
Documentation added (1)
You can always find more documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
