With seven new exploit modules that target popular enterprise software, this week's update to the Metasploit Framework offers penetration testers and red teamers a major improvement This article explores vulnerability chaining freepbx. . The highlight of this release is a sophisticated trio of modules directed at FreePBX, alongside critical remote code execution (RCE) capabilities for Cacti and SmarterMail.

This update highlights the ongoing danger of using secondary vulnerabilities to chain authentication bypass flaws in order to fully compromise the system. Vulnerability Chaining for FreePBX The framework's most important addition consists of three separate modules aimed at FreePBX, an open-source graphical user interface (GUI) that manages Asterisk (PBX). A technique to chain several vulnerabilities to elevate privileges from an unauthenticated state to remote code execution has been developed by researchers Noah King and msutovsky-r7.

CVE-2025-66039, an authentication bypass vulnerability that enables unauthorized actors to get around login procedures, is the first link in the attack chain. The framework provides two different routes to RCE once the authentication barrier is broken. The first exploit path makes use of a SQL injection flaw known as CVE-2025-61675.

An attacker can effectively schedule the execution of arbitrary code by manipulating the database to insert a new job into the cron_job table by injecting malicious SQL commands. As an alternative, the second module takes advantage of CVE-2025-61678, a flaw in the firmware upload function that allows unrestricted file upload. This gives the attacker instant control by enabling them to upload a webshell straight to the server.

This set's third auxiliary module illustrates the exploit chain's versatility by using the same SQL injection vulnerability to merely create a rogue administrator account. Crucial RCE in SmarterMail and Cacti The update fixes serious issues with monitoring and communication platforms outside of the VoIP industry. A new module specifically exploits CVE-2025-24367 to target the well-known network monitoring tool Cacti.

This vulnerability allows unauthenticated remote code execution through the graph template mechanism and affects versions before 1.2.29. This module is a high-priority test case for network administrators because of Cacti's extensive use in infrastructure monitoring. Concurrently, the framework now supports exploiting CVE-2025-52691 in SmarterTools SmarterMail. Path traversal manipulation within the guid variable is the basis for this unauthenticated file upload vulnerability.

In terms of the underlying operating system, the module is remarkably adaptable. The exploit places a webshell in the webroot directory if the target is running Windows. On the other hand, if the target is a Linux environment, it creates a cron job in /etc/cron to accomplish persistence and execution.d.

Persistence Tools and Core Fixes Additionally, the release adds new persistence modules to improve post-exploitation capabilities. Attackers can install a malicious extension on both the Pro and Community versions of Burp Suite thanks to a new extension persistence module that makes it run every time the user opens the program. To further simplify operations, the team combined SSH key persistence for Linux and Windows into a single, cohesive module. A number of important bugs were fixed in terms of maintenance.

The formatting problem that made hash data incompatible with the John the Ripper password cracker has been fixed. In order to guarantee accurate reporting during engagements, a logic error in the SSH login scanner that had previously reported successful logins as failures when sessions could not be opened has been fixed.

Module Name CVE ID Target System Impact FreePBX Endpoint SQLi CVE-2025-66039, CVE-2025-61675 FreePBX Remote Code Execution FreePBX Firmware Upload CVE-2025-66039, CVE-2025-61678 CVE-2025-66039, CVE-2025-61675 FreePBX Remote Code Execution FreePBX Admin Creation Cacti Graph Template for FreePBX Privilege Escalation CVE-2025-24367 RCE Cacti (< 1.2.29) Execution of Code Remotely CVE-2025-52691 SmarterMail GUID Upload Remote Code Execution with SmarterMail Persistence of Burp Extension Burp Suite Persistence: N/A Persistence of SSH Keys For daily cybersecurity updates, use X, LinkedIn, and Linux/Windows Persistence. To have your stories featured, get in touch with us.