Version 6.4.111 of the Metasploit Framework introduces seven new exploit modules that target critical flaws in popular enterprise applications This article explores rce vulnerabilities freepbx. . The update fixes persistence mechanisms in BurpSuite and SSH environments, as well as authentication bypass and remote code execution (RCE) vulnerabilities in FreePBX, Cacti, SmarterTools, and SmarterMail.

Bypassing Authentication to Get RCE Three new FreePBX modules show complex exploitation chains starting with CVE-2025-66039, an unauthenticated authentication bypass, according to Rapid7. By using this vulnerability, attackers can gain unauthorized access to FreePBX systems and then use secondary vulnerabilities to execute code. CVE-2025-66039 and CVE-2025-61675, a SQL injection vulnerability that permits cron job manipulation within the database to achieve RCE, are chained together in the first module. In order to enable webshell deployment, the second module combines the authentication bypass with CVE-2025-61678, an unrestricted file upload vulnerability in the firmware upload function.

By taking advantage of the same SQLi vulnerability, a third auxiliary module generates administrative database users. CVE ID Vulnerability Module Name CVE-2025-66039 + CVE-2025-61675 impact freepbx_custom_extension_rce Remote Code for SQL Injection + Auth Bypass Freepbx_firmware_file_upload CVE-2025-66039 + CVE-2025-61678 execution RCE freepbx_custom_extension_injection CVE-2025-66039 + CVE-2025-61675, Auth Bypass + File Upload Webshell Deployment SQL Injection Admin + Auth Bypass User Creation cacti_graph_template_rce CVE-2025-24367 CVE-2025-52691 Unauthenticated RCE Remote Code Execution smartermail_guid_file_upload Burp_extension N/A Path Traversal File Upload RCE (Windows/Linux) Injection of Malicious Extensions Following Exploitation SSH Key Injection SSH Access Persistence SSH_key N/A CVE-2025-24367, an unauthenticated RCE vulnerability affecting versions before 1.2.29, is the target of the Cacti Graph Template module. Direct code execution is made possible by this module without the need for authentication.

CVE-2025-52691, an unauthenticated file upload vulnerability that uses path traversal via the guid parameter, is exploited by the SmarterTools SmarterMail module. On Windows systems, the module deposits webshells in the webroot directory; on Linux systems, it establishes persistence through cron job creation. Product Versions Affected Product Affected Versions Free Patch NeededPBX Every version that has CVE-2025-66039 The most recent security patch Cacti Before 1.2.29 Update to 1.2.29+ More Intelligent Tools Versions of SmarterMail with CVE-2025-52691 Release of vendor patches Post-exploitation operations are improved by two new persistence modules.

Malicious extensions are injected into both Community and Pro versions by the BurpSuite Extension Persistence module, which causes payload execution when the application launches. By combining Linux and Windows functionality, the SSH Key Persistence module allows for persistent unauthorized access via SSH key injection.

Three important bugs are fixed in the update: false positives in HTTP brute-forcing operations within Metasploit Pro, hash cracking integration with John the Ripper, and SSH login session creation failures. Patching to versions that address CVE-2025-66039, CVE-2025-61675, CVE-2025-61678, and CVE-2025-24367 should be a top priority for organizations using FreePBX, Cacti, or SmarterMail. Users of Metasploit can access the most recent modules and security enhancements by using msfupdate.