
It has “SUS” in the name, what did you expect?
This week’s release features the much-hyped CVE-2025-59287, a critical-severity Windows Server Update Service (WSUS) vulnerability that allows SYSTEM-level remote code execution. Documented among the multiple recent Windows zero-days, the vulnerability affects Windows Servers running the WSUS service, which is not enabled by default. Several vendors, including Huntress and Eye Security, have reported seeing the exploit used in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) ordered US government agencies to patch affected machines last month.
New module content (1)
Windows Server Update Service Deserialization Remote Code Execution
Authors: msutovsky-r7 and mwulftange
Type: Exploit
Pull request: #20674 contributed by msutovsky-r7
Path: windows/http/wsus_deserialization_rce
AttackerKB reference: CVE-2025-59287
Description: Adds a module targeting CVE-2025-59287, an unauthenticated deserialization vulnerability in the Windows Server Update Service (WSUS) that results in remote code execution as SYSTEM.
Enhancements and features (3)
- #20576 from msutovsky-r7 - This updates the LINQPad persistence module to use the new persistence mixin.
- #20669 from stfnw - This updates the auxiliary/scanner/http/azure_ad_login module to print the domain and username in error messages, so users can tell which user caused the error.
- #20690 from dbono-r7 - This adds the cert pipe to the list of known pipes checked by the auxiliary/scanner/smb/pipe_auditor module, which lets users identify when the MS-ICPR interface is available because Active Directory Certificate Services (AD CS) is in use.
Documentation (1)
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.