RISC-V Payloads
This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to the target host. Both of these go a long way in improving Metasploit’s support for RISC-V systems.
Annual Wrap Up
With a new year comes a new annual wrap up. Earlier this week, the Metasploit project posted the annual wrap up covering notable changes from 2025.
New module content (4)
Taiga tribe_gig authenticated unserialize remote code execution
Authors: rootjog and whotwagner
Type: Exploit
Pull request: #20700 contributed by whotwagner
Path: multi/http/taiga_tribe_gig_unserial
AttackerKB reference: CVE-2025-62368
Description: This adds a new module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368). The module sends malicious data to exposed API, which performs unsafe deserialization, leading to remote code execution.
Python Site-Specific Hook Persistence
Author: msutovsky-r7
Type: Exploit
Pull request: #20692 contributed by msutovsky-r7
Path: multi/persistence/python_site_specific_hook
Description: This adds a persistence module which leverages Python's startup mechanism, where some files can be automatically processed during the initialization of the Python interpreter. Someof those files are startup hooks (site-specific, dist-packages). If these files are present in site-specific or dist-packages directories, any lines beginning with import will be executed automatically. This creates a persistence mechanism if an attacker has established access to the target machine with sufficient permissions.
Add Linux RISC-V command payload adapters
Authors: bcoles bcoles@gmail.com
Type: Payload (Adapter)
Pull request: #20734 contributed by bcoles
Description: This extends fetch payloads for RISC-V targets.
Linux Command Shell, Bind TCP Inline
Authors: bcoles bcoles@gmail.com and modexp
Type: Payload (Single)
Pull request: #20733 contributed by bcoles
Path: linux/riscv32le/shell_bind_tcp
Description: This adds a new payload: a bind shell for Linux RISC-V targets.
Bugs fixed (2)
- #20370 from msutovsky-r7 - Fixes an issue that occurred when negotiating the SMB version and the server uses an unknown dialect. Now, the login function will throw an exception and exit gracefully.
- #20744 from ptrstr - This fixes a bug in unix/webapp/wp_reflexgallery_file_upload where the current year and month were being hardcoded in the request. This caused the server to reject the exploit if there was no folder in wp-content/uploads for that specific year and month. Now the year and month are configurable datastore options.
Documentation added (1)
- #20831 from DataExplorerX - This adds link to issues in Metasploit Framework Github repository.
You can always find more documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
- Metasploit
- Metasploit Weekly Wrapup