Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner

The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit targeting Erlang/OTP SSH servers and a scanner for OPNSense firewalls.

The release also enhances diagnostic tools and addresses critical bugs, solidifying its role as a cornerstone for security professionals, according to a report by Rapid7.

New Features

1. Erlang/OTP SSH Pre-Auth Root RCE (CVE-2025-32433)

Dubbed the “big-ticket item” of this release, the linux/ssh/ssh_erlangotp_rce exploit targets a critical pre-authentication vulnerability in Erlang-based SSH servers.

Developed by Horizon3 Attack Team and collaborators, this module allows attackers to execute arbitrary commands as root by sending crafted SSH packets.

Security teams are urged to patch affected systems, as unsecured instances could grant full control to remote attackers.

2. OPNSense Login Scanner

Contributor sjanusz-r7 added a new scanner/http/opnsense_login module to brute-force credentials on OPNSense firewalls.

With OPNSense widely adopted in enterprise networks, this tool streamlines vulnerability assessments for misconfigured or weak authentication setups.

3. Sante PACS Server Path Traversal (CVE-2025-2264)

Tenable researchers Michael Heinzl and h4x-x0r developed an auxiliary module to exploit a path traversal flaw in Sante PACS Server, enabling attackers to read sensitive files.

Healthcare organizations using the software should prioritize updates to protect patient data.

4. SMB-to-HTTP Relay for Stealing NAA Credentials

This module, contributed by jheysel-r7, refines credential theft techniques against SCCM systems by relaying SMB authentication to HTTP.

It exposes risks in misconfigured Network Access Accounts (NAA), a common blind spot in Active Directory environments.

Enhancements & Features

  • Shodan Facet Support: Integrates Shodan’s filtering capabilities to refine threat intelligence searches.
  • TLS Decryption Boost: The SSLKeyLogFile option lets tools like Wireshark decrypt TLS traffic, aiding forensic analysis.
  • Windows SMB Multi-Dropper Upgrade: Adds support for .library-ms files, expanding attack vectors in Windows environments.
  • Faster Startup: A tweak by bcoles reduces msfconsole load times by deferring module option sorting.

A patch by adfoster-r7 resolves SSL connection failures when the Server Name Indication (SNI) extension is active, ensuring smoother operations during red-team engagements.

This update underscores Metasploit’s adaptability to emerging threats. The Erlang/OTP exploit, in particular, highlights risks in lesser-scrutinized components like embedded SSH services.

Meanwhile, the OPNSense scanner and SMB relay module address pervasive network misconfigurations.

“Tools like Metasploit are vital for stress-testing defenses,” says security analyst Maria Lopez. “These updates arm professionals with the means to proactively identify and mitigate risks.”

Metasploit’s latest iteration is now available on GitHub, with users advised to update immediately. Organizations relying on Erlang/OTP, OPNSense, or Sante PACS should review their exposure to these vulnerabilities and apply patches where available.
