PatchSiren cyber security CVE debrief

CVE-2017-5231 Rapid7 CVE debrief

CVE-2017-5231 is a directory traversal issue in Rapid7 Metasploit’s Meterpreter stdapi CommandDispatcher.cmd_download() function. A specially crafted Meterpreter build can write to an arbitrary directory on the Metasploit console using the permissions of the running Metasploit instance. CVSS is HIGH (7.1). The CVE was published on 2017-03-02 and later modified by NVD on 2026-05-13.

Vendor: Rapid7
Product: CVE-2017-5231
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-02
Original CVE updated: 2026-05-13
Advisory published: 2017-03-02
Advisory updated: 2026-05-13

Who should care

Administrators and operators running Rapid7 Metasploit instances, especially environments that accept or process Meterpreter payloads. Security teams that package, automate, or embed Metasploit should verify they are on a fixed release and review any systems that could be affected by arbitrary file writes from a malicious payload.

Technical summary

The weakness is classified as CWE-22 (path traversal). In the vulnerable Meterpreter stdapi CommandDispatcher.cmd_download() path handling, a crafted Meterpreter build can cause the Metasploit console to write files outside the intended directory. The reported impact is arbitrary directory write with the privileges of the running Metasploit process. The source corpus lists Metasploit versions vulnerable up to 4.13.19 in NVD’s CPE criteria, while the vendor advisory referenced in the corpus points to a fix in 4.13.0-2017020701.

Defensive priority

High. Although exploitation requires a crafted Meterpreter build and user interaction is present in the CVSS vector, the outcome can be file placement in unintended locations on a Metasploit console host. That can affect integrity and may create a foothold for follow-on abuse if the console host is trusted or highly privileged.

Recommended defensive actions

Upgrade Rapid7 Metasploit to a fixed release at or above the vendor-provided remediation version referenced in the advisory.
If you rely on package metadata, verify the vulnerable version range against both the vendor advisory and NVD CPE criteria before scheduling maintenance.
Limit who can introduce or run Meterpreter builds in your environment, and treat untrusted payloads as hostile.
Review Metasploit console hosts for unexpected files or directories created around the time suspicious payloads were processed.
Apply least privilege to the Metasploit service account so any file-write impact is minimized.
Monitor for anomalous Meterpreter activity and payload handling in environments that use Metasploit operationally.

Evidence notes

This debrief is based only on the supplied corpus: the CVE record, NVD source item, and the Rapid7 advisory link listed in the source metadata. The CVE was published on 2017-03-02T20:59:00.610Z and NVD later modified the entry on 2026-05-13T00:24:29.033Z. The corpus describes a directory traversal in Meterpreter stdapi CommandDispatcher.cmd_download(), classifies it as CWE-22, and reports a CVSS 3.0 vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L.

Official resources

CVE-2017-5231 CVE record
CVE.org
CVE-2017-5231 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory

CVE published 2017-03-02; NVD last modified 2026-05-13. No KEV entry is listed in the supplied data.