Metasploit Wrap-Up 11/14/2025

Nov 14 2025


It has “SUS” in the name, what did you expect?

This week’s release features the much-hyped CVE-2025-59287, a critical-severity Windows Server Update Service (WSUS) vulnerability that allows SYSTEM-level remote code execution. Documented among the multiple recent zero-days in Windows, the vulnerability affects Windows Servers running the WSUS service, which is not enabled by default. Several vendors, including Huntress and Eye Security, have reported seeing the exploit used in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) ordered US government agencies to patch affected machines last month.

New module content (1)

Windows Server Update Service Deserialization Remote Code Execution

Authors: msutovsky-r7 and mwulftange

Type: Exploit

Pull request: #20674 contributed by msutovsky-r7 

Path: windows/http/wsus_deserialization_rce 

AttackerKB reference: CVE-2025-59287

Description: Adds a module targeting CVE-2025-59287, an unauthenticated deserialization vulnerability in the Windows Server Update Service (WSUS) resulting in remote code execution as SYSTEM.

Enhancements and features (3)

  • #20576 from msutovsky-r7 - This updates the LINQPad persistence module to use the new persistence mixin.
  • #20669 from stfnw - This updates the auxiliary/scanner/http/azure_ad_login module to print the domain and username in error messages. This enables users to understand which user caused the error.
  • #20690 from dbono-r7 - This adds the cert pipe to the list of known pipes that will be checked by the auxiliary/scanner/smb/pipe_auditor module. This effectively enables users to identify when the MS-ICPR interface is available because Active Directory Certificate Services (AD CS) is in use.

Documentation (1)

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

  • #20625 from h00die - Improved multiple modules’ documentation to have consistent formatting.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.
