Smaller Fetch Payloads
This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. The improvement introduces a new option, PIPE_FETCH, which optimizes the process by serving both the payload and the command to be executed simultaneously.
This enhancement directly addresses the challenge of limited space by significantly reducing the size of the command that needs to be run. The PIPE_FETCH option works by initially generating a small command. When this compact command is executed, it fetches the actual, larger command that needs to be run. The fetched command is then directly piped into the shell, streamlining the execution process and making it feasible to use fetch payloads in scenarios where space constraints were previously a limitation.
New module content (2)
BentoML RCE
Authors: Takahiro Yokoyama and c2an1
Type: Exploit
Pull request: #20041 contributed by Takahiro-Yoko
Path: linux/http/bentoml_rce_cve_2025_27520
AttackerKB reference: CVE-2025-27520
Description: This adds a module for an unauthenticated remote code execution in BentoML (CVE-2025-27520).
Langflow AI RCE
Authors: Naveen Sunkavally (Horizon3.ai) and Takahiro Yokoyama
Type: Exploit
Pull request: #20022 contributed by Takahiro-Yoko
Path: multi/http/langflow_unauth_rce_cve_2025_3248
AttackerKB reference: CVE-2025-3248
Description: This adds a ..
Support the originator by clicking the read the rest link below.
