automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 5394ff4b1b04 · 2025-09-16T20:30:50.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -170889,6 +170889,71 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_windows/http/commvault_rce_cve_2025_57790_cve_2025_57791": {
+    "name": "Commvault Command-Line Argument Injection to Traversal Remote Code Execution",
+    "fullname": "exploit/windows/http/commvault_rce_cve_2025_57790_cve_2025_57791",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-08-19",
+    "type": "exploit",
+    "author": [
+      "Sonny Macdonald",
+      "Piotr Bazydlo",
+      "remmons-r7"
+    ],
+    "description": "This module exploits an unauthenticated remote code execution exploit chain for Commvault,\n          tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated\n          access to the 'localadmin' account, which then facilitates code execution via expression\n          language injection. CVE-2025-57788 is also leveraged to leak the target host name, which is\n          necessary knowledge to exploit the remote code execution chain. This module executes in\n          the context of 'NETWORK SERVICE' on Windows.",
+    "references": [
+      "CVE-2025-57790",
+      "CVE-2025-57791",
+      "CVE-2025-57788",
+      "URL-https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html",
+      "URL-https://documentation.commvault.com/securityadvisories/CV_2025_08_2.html",
+      "URL-https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability"
+    ],
+    "platform": "Windows",
+    "arch": "cmd",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Default"
+    ],
+    "mod_time": "2025-09-15 11:19:49 +0000",
+    "path": "/modules/exploits/windows/http/commvault_rce_cve_2025_57790_cve_2025_57791.rb",
+    "is_install_path": true,
+    "ref_name": "windows/http/commvault_rce_cve_2025_57790_cve_2025_57791",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk",
+        "config-changes"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_windows/http/cyclope_ess_sqli": {
     "name": "Cyclope Employee Surveillance Solution v6 SQL Injection",
     "fullname": "exploit/windows/http/cyclope_ess_sqli",
