Metasploit Framework Adds Exploits for Marvell, GestioIP, and Dolibarr Vulnerabilities
The Metasploit Framework has added four new modules, including exploits for critical vulnerabilities in Marvell QConvergeConsole, GestioIP, and Dolibarr ERP/CRM, alongside a new Vim-based persistence mechanism.

The Metasploit Framework has integrated four new exploit and persistence modules, highlighting critical vulnerabilities across a range of enterprise and management software. Among the most significant additions is an auxiliary module for Marvell QConvergeConsole that targets a path traversal vulnerability tracked as CVE-2025-6793 (Rapid7). The flaw allows unauthenticated attackers to read arbitrary files from affected hosts and impacts versions 5.5.0.85 and earlier (Rapid7).
Another notable inclusion is an exploit module for GestioIP 3.5.7, which targets an authenticated remote code execution (RCE) vulnerability identified as CVE-2024-48760 (Rapid7). The vulnerability resides in the application's /api/upload.cgi handler: an attacker holding administrative credentials can use the unsafe upload mechanism to overwrite the script with a malicious backdoor and then execute arbitrary commands on the underlying system (Rapid7).
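The two weaknesses above, an unauthenticated path-traversal file read and an upload handler that lets a caller overwrite an existing script, share a root cause in how user-supplied file names are handled. The following added example is not code from Rapid7, Marvell or GestioIP; it shows the checks a defender would expect from a file-serving or upload handler. The allowed-extension list, the directory layout and every input are constructed assumptions for the demonstration.

```python
"""Defensive file-handling checks: confine a requested path to a base
directory, and store uploads without ever replacing an existing file."""
import os
import posixpath
import tempfile
from pathlib import Path
from typing import Optional

# Assumption: the application only needs to accept data files, never scripts.
ALLOWED_UPLOAD_EXT = {".csv", ".txt"}


def resolve_under(base_dir: str, user_path: str) -> Optional[str]:
    """Return the absolute path of user_path inside base_dir, or None if the
    request would escape base_dir (the traversal pattern behind an arbitrary
    file read). The path is resolved after joining, so '..' segments and
    symlinks are evaluated by the OS rather than string-matched."""
    base = Path(base_dir).resolve()
    # A leading separator would otherwise replace base_dir entirely.
    candidate = (base / user_path.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return str(candidate)


def store_upload(upload_dir: str, filename: str, data: bytes) -> str:
    """Write an upload with the checks an unsafe handler lacks: the name is
    reduced to its basename, the extension is allow-listed, the destination
    must stay inside upload_dir, and an existing file is never overwritten."""
    name = posixpath.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        raise ValueError("empty or hidden filename rejected")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_UPLOAD_EXT:
        raise ValueError(f"extension {ext!r} not allowed")
    dest = resolve_under(upload_dir, name)
    if dest is None:
        raise ValueError("destination escapes upload directory")
    # O_CREAT|O_EXCL makes create-and-write atomic: a second upload with the
    # same name fails with FileExistsError instead of replacing the file.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> dict:
    """Exercise both checks against constructed inputs in a scratch directory."""
    root = str(Path(tempfile.mkdtemp(prefix="upload-demo-")).resolve())
    results = {}
    results["plain"] = resolve_under(root, "reports/q1.csv") is not None
    results["traversal"] = resolve_under(root, "../../etc/passwd") is None
    # An absolute request is reinterpreted relative to the base, never honoured.
    results["absolute_confined"] = (
        resolve_under(root, "/etc/passwd") == os.path.join(root, "etc", "passwd")
    )
    store_upload(root, "hosts.csv", b"10.0.0.1,gateway\n")  # constructed data
    try:
        store_upload(root, "hosts.csv", b"second upload, same name")
        results["overwrite_blocked"] = False
    except FileExistsError:
        results["overwrite_blocked"] = True
    try:
        store_upload(root, "upload.cgi", b"not a data file")
        results["script_blocked"] = False
    except ValueError:
        results["script_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The overwrite check relies on the kernel's exclusive-create flag rather than a separate "does the file exist" test, which closes the race between the check and the write; the extension allow-list is deliberately short because a denylist of script extensions is the kind of filter that tends to miss a variant.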
The update also features a module for Dolibarr ERP/CRM, targeting an authenticated PHP code injection vulnerability (CVE-2023-30253) affecting versions prior to 17.0.1 (Rapid7). The module exploits a flaw in the application's Website module, where the security filter intended to block PHP injections only searches for the lowercase <?php string. By utilizing uppercase <?PHP tags, an attacker can bypass this filter to execute malicious code, provided they have valid credentials with access to the Website module (Rapid7).
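The filter weakness described above is a case-sensitive substring match. The following added example, which is not Dolibarr's code, places such a lowercase-only check beside a case-insensitive replacement and runs both over constructed inputs. It goes slightly beyond the article by also matching the `<?=` echo tag and the bare `<?` short tag, which PHP can also treat as open tags.

```python
"""Case-sensitive PHP-tag filter beside a case-insensitive one."""
import re


def weak_filter_blocks(content: str) -> bool:
    """A plain substring search sees '<?php' but not '<?PHP' or '<?Php'."""
    return "<?php" in content


# Case-insensitive open-tag match. Covers '<?php', '<?=' and a bare '<?'
# followed by whitespace, while leaving '<?xml' declarations alone.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=|(?=\s))", re.IGNORECASE)


def hardened_filter_blocks(content: str) -> bool:
    return PHP_OPEN_TAG.search(content) is not None


# Constructed sample inputs a website-content editor might submit.
SAMPLES = {
    "lowercase": "<?php echo 1; ?>",
    "uppercase": "<?PHP echo 1; ?>",
    "mixed": "<?Php echo 1; ?>",
    "echo_tag": "<?= 1 ?>",
    "short_tag": "<? echo 1; ?>",
    "xml_decl": '<?xml version="1.0"?><p>hello</p>',
    "plain_html": "<p>hello</p>",
}


def compare() -> dict:
    """Map each sample to (blocked by weak filter, blocked by hardened filter)."""
    return {
        name: (weak_filter_blocks(s), hardened_filter_blocks(s))
        for name, s in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (weak, hard) in compare().items():
        print(f"{name:11} weak={weak!s:5} hardened={hard}")
```

The comparison shows why a denylist of tag spellings is fragile: every variant the weak check misses is one the interpreter still accepts. The more robust mitigation is to never hand user-authored content to the PHP interpreter at all, with tag filtering kept only as defence in depth.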
Beyond these RCE and file-read vulnerabilities, the Metasploit team has introduced a new Linux persistence module that leverages the Vim text editor (Rapid7). By writing a malicious plugin to the ~/.vim/plugin/ directory of a target user, an attacker can ensure that their payload executes automatically the next time the user launches Vim. This technique effectively establishes a persistent foothold on the compromised system (Rapid7).
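Because Vim sources every script in its plugin directories at startup, a defender's counterpart to this module is an inventory of those directories. The following added example is not the Metasploit module and not Rapid7's code: it walks the plugin locations under a user's home, hashes each script, and flags files that are not on a known-good allowlist, were changed recently, or contain calls that spawn a process. The directory names follow Vim's and Neovim's default runtimepath layout; the allowlist, the age threshold and the sample plugin files are constructed assumptions.

```python
"""Audit Vim/Neovim auto-sourced plugin directories for unexpected scripts."""
import hashlib
import os
import re
import tempfile
import time
from pathlib import Path

# Per-user config roots (Vim and Neovim) and the subdirectories Vim sources
# automatically at startup; plugin/ is the one the persistence module uses.
VIM_ROOTS = (".vim", ".config/nvim")
AUTOLOAD_SUBDIRS = ("plugin", "after/plugin")

# Heuristic for scripts that launch a process: system()/job functions, or a
# line that starts with a ':!' shell command (optionally behind 'silent').
SPAWN_RE = re.compile(
    r"\b(?:system|systemlist|job_start|jobstart)\s*\(|^\s*(?:silent!?\s+)?!",
    re.MULTILINE,
)


def inventory_plugins(home: str) -> list:
    """Return one record per auto-sourced script found under home."""
    found = []
    for root in VIM_ROOTS:
        for sub in AUTOLOAD_SUBDIRS:
            d = Path(home) / root / sub
            if not d.is_dir():
                continue
            for f in sorted(d.rglob("*")):
                if not f.is_file() or f.suffix not in (".vim", ".lua"):
                    continue
                data = f.read_bytes()
                st = f.stat()
                found.append({
                    "path": str(f),
                    "sha256": hashlib.sha256(data).hexdigest(),
                    "mtime": st.st_mtime,
                    "mode": st.st_mode & 0o777,
                    "spawns_process": SPAWN_RE.search(
                        data.decode("utf-8", "replace")) is not None,
                })
    return found


def audit(home: str, known_sha256: set, max_age_days: float = 7.0) -> list:
    """Return inventory records that deserve a look, each with its reasons."""
    now = time.time()
    flagged = []
    for entry in inventory_plugins(home):
        reasons = []
        if entry["sha256"] not in known_sha256:
            reasons.append("not in allowlist")
        if now - entry["mtime"] < max_age_days * 86400:
            reasons.append("modified recently")
        if entry["spawns_process"]:
            reasons.append("spawns a process")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


def demo() -> list:
    """Build a constructed home directory with one known plugin and one
    unknown, recently written plugin, and return what the audit flags."""
    home = tempfile.mkdtemp(prefix="vim-audit-")
    plugin_dir = Path(home) / ".vim" / "plugin"
    plugin_dir.mkdir(parents=True)
    benign = b'" constructed benign plugin\nset number\n'
    (plugin_dir / "settings.vim").write_bytes(benign)
    old = time.time() - 30 * 86400
    os.utime(plugin_dir / "settings.vim", (old, old))   # make it look long-lived
    (plugin_dir / "helper.vim").write_bytes(
        b'" constructed sample\ncall system("echo placeholder")\n')
    allowlist = {hashlib.sha256(benign).hexdigest()}
    return [(Path(e["path"]).name, e["reasons"]) for e in audit(home, allowlist)]


if __name__ == "__main__":
    for name, reasons in demo():
        print(f"{name}: {', '.join(reasons)}")
```

Run across all home directories from a scheduled job, the hash set gives a baseline to diff against; the process-spawning heuristic will also match legitimate plugins, so it is a prioritisation signal rather than a verdict.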
These additions underscore the ongoing challenge of securing enterprise applications against both sophisticated injection bypasses and insecure file-handling practices. The inclusion of these modules in the Metasploit Framework provides security professionals with the tools to test their environments against these specific weaknesses. Organizations using Marvell QConvergeConsole, GestioIP, or Dolibarr should verify their software versions and apply the necessary patches or mitigations to prevent exploitation by threat actors leveraging these known vulnerabilities (Rapid7).