automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 04d817365763 · 2025-04-04T15:01:08.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -18751,6 +18751,61 @@
     "needs_cleanup": false,
     "actions": []
   },
+  "auxiliary_gather/crushftp_authbypass_cve_2025_2825": {
+    "name": "CrushFTP AWS4-HMAC Authentication Bypass",
+    "fullname": "auxiliary/gather/crushftp_authbypass_cve_2025_2825",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "Outpost24",
+      "remmons-r7"
+    ],
+    "description": "This module leverages an authentication bypass in CrushFTP 11 < 11.3.1 and 10 < 10.8.4. Attackers\n          with knowledge of a valid username can provide a crafted S3 authentication header to the CrushFTP web API\n          to authenticate as that user without valid credentials. When successfully executed, the exploit will\n          output working session cookies for the target user account.",
+    "references": [
+      "CVE-2025-2825",
+      "URL-https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 8080,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2025-04-03 10:24:46 +0000",
+    "path": "/modules/auxiliary/gather/crushftp_authbypass_cve_2025_2825.rb",
+    "is_install_path": true,
+    "ref_name": "gather/crushftp_authbypass_cve_2025_2825",
+    "check": false,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "Reliability": []
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
   "auxiliary_gather/crushftp_fileread_cve_2024_4040": {
     "name": "CrushFTP Unauthenticated Arbitrary File Read",
     "fullname": "auxiliary/gather/crushftp_fileread_cve_2024_4040",
