Exploitation for Priv-Esc × Rapid7 Metasploit Pro

A publicly-reported instance of Exploitation for Priv-Esc bypassing Rapid7 Metasploit Pro, recorded with its original source. Factual record; no assessment of any specific deployment.

Product

Rapid7 Metasploit Pro

Technique

Exploitation for Priv-Esc

MITRE ATT&CK

T1068

Confidence

High

Severity

Critical

Status

poc

Disclosed

2026-05-15

Config / version noted

Not stated

Provenance

nvd.nist.gov
disclosed 2026-05-15 · original source · via nvd

Reported as

A local privilege escalation vulnerability exists in Rapid7 Metasploit Pro on Windows.

Mechanism

The metasploitPostgreSQL service spawns postgres.exe as SYSTEM, which loads openssl.cnf from a static path writable by the 'vagrant' user. By placing a crafted configuration file, an attacker triggers arbitrary command execution via OpenSSL's config engine, bypassing security controls and escalating to SYSTEM.

Detection & mitigation

Monitor for unexpected modifications to OpenSSL configuration files in static paths, especially by non-privileged users, using file integrity monitoring (FIM) or Windows Event ID 4663. Mitigate by restricting write permissions on service-related configuration directories and applying the vendor patch.

Exploitation for Priv-Esc has also been recorded against

Apple Atlassian Bitdefender Broadcom (Symantec)Comodo Security ConnectWise CrowdStrike Elastic ESET F5 Fortinet Google

This is a record of a publicly-reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.