Public Exploit Releases for Multiple High-Impact RCE Vulnerabilities by Chocapikk
Security researcher Chocapikk has released a curated collection of public exploit repositories targeting a range of unauthenticated remote code execution (RCE) vulnerabilities across various platforms. The collection includes weaponized proof-of-concept (PoC) exploits and Metasploit modules for critical CVEs such as CVE-2025-34152 (Shenzhen Aitemi M300 Wi-Fi Repeater), CVE-2024-31819 (AVideo Platform), CVE-2024-25600 (Bricks), CVE-2023-50917 (MajorDoMo), CVE-2025-32432 (CraftCMS), and others. These tools are designed to facilitate security testing and highlight the risks posed by unpatched systems, with several exploits enabling unauthenticated attackers to gain remote shell access or escalate privileges on vulnerable targets.
The public availability of these exploits increases the urgency for organizations to patch affected systems and monitor for exploitation attempts. Chocapikk's contributions are widely referenced in the security community, with mentions in multiple security news outlets and integration into major exploit frameworks like Metasploit. The release of these tools underscores the ongoing threat posed by rapidly weaponized vulnerabilities and the importance of proactive vulnerability management and detection strategies for enterprise defenders.
Timeline
Nov 8, 2025
Researchers including Chocapikk are credited with disclosures
Security researchers, including Chocapikk, were credited with discovering and disclosing several of the vulnerabilities referenced in the roundup. The disclosures contributed to public awareness of the affected platforms and associated exploitation risks.
Nov 8, 2025
CISA and other organizations issue alerts on active exploitation
CISA and other organizations warned about active exploitation of some of the vulnerabilities, particularly those affecting Microsoft SharePoint and Atlassian Confluence. These alerts underscored the urgency for organizations to patch and apply mitigations.
Jan 1, 2024
Public PoCs and Metasploit support increase exploitation risk
During 2024 and 2025, public proof-of-concept exploits and Metasploit modules were released for several of these vulnerabilities, lowering the barrier to exploitation and increasing the likelihood of widespread attacks. The references describe this as accelerating real-world abuse of the flaws.
Jan 1, 2024
Critical RCE flaws are discovered and exploited across major platforms
Throughout 2024 and 2025, multiple critical remote code execution vulnerabilities were discovered and actively exploited in widely used software, including Wing FTP Server, Craft CMS, CyberPanel, Microsoft SharePoint, and Atlassian Confluence. The activity included zero-day exploitation, remote shell access, privilege escalation, and full system compromise.
Related Stories

Public PoC Exploits Surfaced for CVE-2026-34177 and CVE-2025-7389
Public GitHub repositories were flagged for newly published proof-of-concept exploits tied to two high-severity vulnerabilities: **`CVE-2026-34177`**, a VM low-level restriction bypass involving `raw.apparmor` and `raw.qemu.conf`, and **`CVE-2025-7389`**, an unauthorized arbitrary file-read issue via RMI in an AdminServer interface. The monitoring identified repositories advertising exploit code or demonstrations for both flaws, indicating that offensive tradecraft is now publicly accessible. The referenced tracking activity monitors GitHub for exploit and PoC publications, ranks results by most recently updated repositories, and limits visible results to the first 15 entries for performance reasons. For defenders, the appearance of public exploit material raises the urgency of validating exposure to affected virtualization and AdminServer deployments, prioritizing patching or mitigations, and increasing detection coverage for exploitation attempts targeting these CVEs.
3 weeks ago
Active Exploitation of Critical RCE Vulnerabilities in Enterprise Infrastructure (Cisco UC and VMware vCenter)
Reports warn of **in-the-wild exploitation** of critical remote code execution vulnerabilities affecting widely deployed enterprise infrastructure. One report describes a purported Cisco Unified Communications zero-day, **CVE-2024-20253**, impacting *Cisco Unified Communications Manager (Unified CM)*, *Cisco Unity Connection*, and *Webex Calling Dedicated Instance*, and claims it enables **unauthenticated command execution** via the web management interface, creating risk of full system compromise and rapid opportunistic scanning of internet-exposed instances. Separately, **CISA added Broadcom VMware vCenter Server CVE-2024-37079** (CVSS 9.8) to the **Known Exploited Vulnerabilities (KEV)** catalog based on evidence of exploitation; the issue is described as a **DCE/RPC heap overflow** that can lead to RCE via specially crafted network packets, and Broadcom updated its advisory to acknowledge observed exploitation. A third item (Rapid7’s Metasploit wrap-up) is not about either of these active-exploitation advisories; it covers new Metasploit modules for unrelated vulnerabilities (e.g., Oracle E-Business Suite **CVE-2025-61882** and Splunk issues), which may increase general exploitation capability but does not substantively corroborate the Cisco or VMware events.
1 month ago
Multiple High-Impact Vulnerabilities Disclosed Across Diverse Software Platforms
A series of critical and high-severity vulnerabilities have been disclosed affecting a wide range of software products, including workflow automation tools, web applications, network devices, and desktop software. Notable issues include remote code execution (RCE) flaws in *n8n*, *Lilac-Reloaded for Nagios*, *FileZilla Client*, and *AVideo*, as well as privilege escalation vulnerabilities in products like *Versa SASE Client*, *AspEmail*, and *ActFax*. Several vulnerabilities allow unauthenticated attackers to upload arbitrary files, bypass authentication, or exploit weak session management, potentially leading to full system compromise or unauthorized access to sensitive data. Many of these vulnerabilities have public exploits available, increasing the risk of active exploitation in the wild. Vendors have released patches for several of the affected products, and administrators are strongly advised to update to the latest versions or apply recommended mitigations. The vulnerabilities span a variety of attack vectors, including buffer overflows, improper input validation, insecure file upload mechanisms, and misconfigured authentication endpoints. Organizations should prioritize patching systems exposed to the internet and review access controls to limit the impact of potential exploitation. Immediate attention is warranted for products with critical CVSS scores and those with known public exploits.
1 month ago