Metasploit Wrap-Up 04/04/2025

New RCEs


Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Two of those three leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular, CVE-2025-24813, garnered a lot of attention when it was disclosed; however, the exploit requires specific conditions to be met in order to function, and those conditions may not be present in many environments.


AD CS / PKCS12 Improvements


With the popularity of exploiting AD CS misconfigurations over the past couple of years, Metasploit has continued to iterate on our support for it. This week saw two improvements. The first added additional error handling, which notably calls out authorization errors more clearly to the user. These errors, now labeled no-access failures, are encountered when the user is successfully authenticated but lacks the authorization to enroll on either the certificate template or the certificate authority server. Additionally, Metasploit's support for PKCS12 certificate storage is actively being improved. This week, a milestone was reached allowing additional metadata to be stored with the certificate, which, in the future, will enable more streamlined use of stored certificate data. This new metadata includes the password to decrypt the PKCS12 data, the CA that issued the certificate, and the AD CS template it was derived from.


New module content (4)


pfSense Login Scanner


Author: sjanusz-r7
Type: Auxiliary
Pull request: #19985 contributed by sjanusz-r7
Path: scanner/http/pfsense_login


Description: This adds a login scanner module for pfSense which can be used to brute force valid credentials to the web GUI.

