National Cyber Warfare Foundation (NCWF)

Metasploit Weekly Wrap-Up: 02 28 2025


2025-03-18 17:07:25
milo
Red Team (CNA)
This week's Metasploit Weekly Wrap-Up saw 5 new modules. One module adds credential harvesting for mySCADA myPRO Manager using CVE-2025-24865 and CVE-2025-22896.

New module content (5)


mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)



Author: Michael Heinzl

Type: Auxiliary

Pull request: #19878 contributed by h4x-x0r

Path: admin/scada/mypro_mgr_creds

AttackerKB reference: CVE-2025-22896


Description: This module adds credential harvesting for mySCADA myPRO Manager using CVE-2025-24865 and CVE-2025-22896.


NetAlertX File Read Vulnerability


Authors: chebuya and msutovsky-r7

Type: Auxiliary

Pull request: #19881 contributed by msutovsky-r7

Path: scanner/http/netalertx_file_read

AttackerKB reference: CVE-2024-48766


Description: This adds an auxiliary module allowing arbitrary file read on vulnerable (CVE-2024-48766) NetAlertX targets.


SimpleHelp Path Traversal Vulnerability CVE-2024-57727


Authors: horizon3ai, imjdl, and jheysel-r7

Type: Auxiliary

Pull request: #19894 contributed by jheysel-r7

Path: scanner/http/simplehelp_toolbox_path_traversal

AttackerKB reference: CVE-2024-57727


Description: This adds an auxiliary module for SimpleHelp; the vulnerability (CVE-2024-57727) is a path traversal which allows arbitrary file read.


Invoice Ninja unauthenticated PHP Deserialization Vulnerability


Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y

Type: Exploit

Pull request: #19897 contributed by h00die-gr3y

Path: linux/http/invoiceninja_unauth_rce_cve_2024_55555

AttackerKB reference: CVE-2024-55555


Description: This adds an exploit module for Invoice Ninja. The vulnerability (CVE-2024-55555) is an unauthenticated RCE that is exploitable when the attacker has the APP_KEY value for the Laravel installation.


RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.


Authors: h00die-gr3y and h0ng10

Type: Exploit

Pull request: #19841 contributed by h00die-gr3y

Path: linux/http/raspberrymatic_unauth_rce_cve_2024_24578

AttackerKB reference: CVE-2024-24578


Description: Adds support for CVE-2024-24578, an unauthenticated file write and ZipSlip vulnerability that lets attackers upload a compressed file which is expanded automatically without bounds checking, allowing the overwrite of arbitrary files. In this case, we overwrite the watchdog script, which is run by a cron job every 5 minutes.


Bugs fixed (1)



  • #19893 from bwatters-r7 - This removes a CVE reference from an LPE because the vulnerability identified by the CVE is not exploited in the LPE module. The CVE was instead referring to an RCE which led to the discovery of the technique employed by the RCE. The LPE technique was never acknowledged by the vendor as a vulnerability.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.









Source: Rapid7
Source Link: https://blog.rapid7.com/2025/02/28/metasploit-weekly-wrap-up-02-28-2025/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.