
Metasploit Tools - New Exploit Modules and Enhancements


Basically, Metasploit added new tools to help test security in software.

Quick Summary

Metasploit has rolled out a new update featuring two exploit modules for AVideo Encoder and FreePBX. This release enhances functionality and addresses several bugs. Users should update to improve their security testing capabilities.

What Happened

On March 20, 2026, Metasploit released an update featuring two new exploit modules, enhancements, and bug fixes. Community contributor Chocapikk played a significant role by submitting both exploit modules. The first targets an unauthenticated command injection vulnerability in AVideo Encoder's getImage.php file. The second targets an authenticated command injection vulnerability in FreePBX.

The AVideo Encoder vulnerability is identified as CVE-2026-29058 and allows attackers to execute commands without authentication. The FreePBX module, for the vulnerability labeled CVE-2025-64328, includes automatic detection of vulnerable versions, simplifying the exploitation process for users.

Enhancements and Features

In addition to the new exploits, this release brings two notable enhancements. The first enhancement modifies the LDAP query module, allowing users to skip querying the System Access Control List (SACL) by default. This change is crucial for non-privileged users, as querying the SACL without proper permissions can block the entire query, leading to no security descriptors being returned.
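
The mechanism behind this change, as an added example that is not Metasploit's code: Active Directory lets an LDAP client choose which parts of nTSecurityDescriptor it requests through the LDAP_SERVER_SD_FLAGS_OID control, and the header of the returned descriptor shows which parts came back. The helper names and the sample header below are constructed for illustration.

```ruby
# Added illustration, not Metasploit code. Constants follow Microsoft's
# documented SD flags control and self-relative SECURITY_DESCRIPTOR layout.
SD_FLAGS_OID = '1.2.840.113556.1.4.801' # LDAP_SERVER_SD_FLAGS_OID

OWNER = 0x01 # OWNER_SECURITY_INFORMATION
GROUP = 0x02 # GROUP_SECURITY_INFORMATION
DACL  = 0x04 # DACL_SECURITY_INFORMATION
SACL  = 0x08 # SACL_SECURITY_INFORMATION (the part non-privileged users cannot read)

# Flags to request: owner, group and DACL by default; the SACL only on opt-in.
def sd_flags(include_sacl: false)
  flags = OWNER | GROUP | DACL
  include_sacl ? flags | SACL : flags
end

# BER-encode the control value: SDFlagsRequestValue ::= SEQUENCE { Flags INTEGER }
def sd_flags_control_value(flags)
  raise ArgumentError, 'flags must be within 0..15' unless (0..0x0F).cover?(flags)

  # 0x30 = SEQUENCE, length 3; 0x02 = INTEGER, length 1; then the flag byte.
  [0x30, 0x03, 0x02, 0x01, flags].pack('C*')
end

# Report which parts a self-relative security descriptor carries, read from
# its 20-byte header: revision, sbz1, control, then the owner, group, SACL
# and DACL offsets. An offset of zero means that part is absent.
def sd_parts(descriptor)
  raise ArgumentError, 'descriptor shorter than its header' if descriptor.bytesize < 20

  _rev, _sbz1, _control, owner, group, sacl, dacl = descriptor.unpack('CCvVVVV')
  { owner: owner, group: group, sacl: sacl, dacl: dacl }
    .reject { |_, offset| offset.zero? }.keys
end

# Constructed sample: header only (bodies omitted), as returned when the SACL
# was not requested. Control 0x8004 = SE_SELF_RELATIVE | SE_DACL_PRESENT.
SAMPLE_SD_HEADER = [1, 0, 0x8004, 20, 32, 0, 44].pack('CCvVVVV')

if __FILE__ == $PROGRAM_NAME
  puts format('default control value: %s', sd_flags_control_value(sd_flags).unpack1('H*'))
  puts format('parts in sample: %s', sd_parts(SAMPLE_SD_HEADER).join(', '))
end
```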

The second enhancement introduces a new OptTimedelta datastore option type. This feature enables module authors to specify time durations in a user-friendly format, making it easier for users to understand and set time-related options within modules.

Bug Fixes

The update also fixes seven bugs, improving the overall functionality of Metasploit. These fixes include a new DHCPINTERFACE option for the DHCP server mixin, which allows modules to specify a particular interface to bind to. Other fixes resolve issues related to documentation, crashes with non-string values, and authentication problems in the ldap_esc_vulnerable_cert_finder module.

How to Get Started

Users can update to the latest Metasploit Framework using the msfupdate command. For those interested in the changes since the last update, detailed information is available on GitHub. Users can also clone the Metasploit Framework repository for the latest version or utilize the open-source Nightly Installers for fresh installations. This update not only enhances Metasploit's capabilities but also strengthens its reliability for security testing.

🔒 Pro insight: The addition of these modules reflects ongoing vulnerabilities in widely-used platforms, emphasizing the need for constant security assessments.

Original article from

Rapid7 Blog · Brendan Watters
