Metasploit Wrap-Up 11/14/2025

Nov 14 2025

It has “SUS” in the name, what did you expect?

This week’s release features the much-hyped CVE-2025-59287, a Critical-severity Windows Server Update Service (WSUS) vulnerability that allows SYSTEM-level remote code execution. Documented among the multiple recent zero-days in Windows, the vulnerability affects Windows Servers running the WSUS service, which is not enabled by default. Several vendors, including Huntress and Eye Security, have reported seeing the exploit used in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) ordered US government agencies to patch affected machines last month.

New module content (1)

Windows Server Update Service Deserialization Remote Code Execution

Authors: msutovsky-r7 and mwulftange

Type: Exploit

Pull request: #20674 contributed by msutovsky-r7 

Path: windows/http/wsus_deserialization_rce 

AttackerKB reference: CVE-2025-59287

Description: Adds a module targeting CVE-2025-59287, an unauthenticated deserialization vulnerability in the Windows Server Update Service (WSUS) resulting in remote code execution as SYSTEM.

Enhancements and features (3)

  • #20576 from msutovsky-r7 - This updates the LINQPad persistence module to use the new persistence mixin.
  • #20669 from stfnw - This updates the auxiliary/scanner/http/azure_ad_login module to print the domain and username in error messages, so users can tell which user caused the error.
  • #20690 from dbono-r7 - This adds the cert pipe to the list of known pipes that will be checked by the auxiliary/scanner/smb/pipe_auditor module. This effectively enables users to identify when the MS-ICPR interface is available because Active Directory Certificate Services (AD CS) is in use.

Documentation (1)

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

  • #20625 from h00die - Improved multiple modules’ documentation to have consistent formatting.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition, Metasploit Pro.
