National Cyber Warfare Foundation (NCWF)

Metasploit Wrap-Up 03 28 2025


2025-03-28 19:54:29
milo
Red Team (CNA)

Windows LPE - Cloud File Mini Filer Driver Heap Overflow


This Metasploit release includes an exploit module for CVE-2024-30085, a local privilege escalation (LPE) in cldflt.sys, the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local client. The exploit module allows users with an existing session on an affected Windows device to escalate their privileges to NT AUTHORITY\SYSTEM. This module has been tested on Windows workstation versions 10_1809 through 11_23H2 and Windows server versions 2022 to 22_23H2.


New module content (3)


GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi


Authors: jheysel-r7 and rz

Type: Auxiliary

Pull request: #19974 contributed by jheysel-r7

Path: gather/glpi_inventory_plugin_unauth_sqli

AttackerKB reference: CVE-2025-24799


Description: This adds an auxiliary module for an unauthenticated blind boolean SQL injection vulnerability (CVE-2025-24799) in GLPI <= 1.0.18 when the Inventory Plugin is installed and enabled.


Eramba (up to 3.19.1) Authenticated Remote Code Execution Module


Authors: Niklas Rubel, Sergey Makarov, Stefan Pietsch, Trovent Security GmbH, and msutovsky-r7

Type: Exploit

Pull request: #19957 contributed by msutovsky-r7

Path: linux/http/eramba_rce

AttackerKB reference: CVE-2023-36255


Description: This adds an exploit for CVE-2023-36255, an authenticated command injection vulnerability in Eramba.


Windows Cloud File Mini Filer Driver Heap Overflow


Authors: Alex Birnberg, bwatters-r7, and ssd-disclosure

Type: Exploit

Pull request: #19802 contributed by bwatters-r7

Path: windows/local/cve_2024_30085_cloud_files

AttackerKB reference: CVE-2024-30085


Description: Local Privilege Escalation for Windows, exploiting CVE-2024-30085. It allows escalating an existing session to higher privileges.


Bugs fixed (3)



  • #19932 from adfoster-r7 - Fixes a crash when running the exploits/windows/mssql/mssql_payload module against previously opened Microsoft SQL Server sessions.

  • #19962 from e2002e - This preemptively updates the API host for the ZoomEye search module to reflect changes made by the upstream organization.

  • #19987 from zeroSteiner - This updates the Ivanti and Sonicwall Bruteforce modules to use #initialize methods that accept a single argument as the LoginScanner classes should. It also renames the modules to follow the standard convention and adds a small fix to catch an unhandled connection error that was being thrown by the Sonicwall module.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub.



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.




Source: Rapid7
Source Link: https://blog.rapid7.com/2025/03/28/metasploit-wrap-up-03-28-2025/

