Browse all 86 CVE security advisories affecting Rapid7. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rapid7 operates primarily as a provider of security analytics and vulnerability management solutions, focusing on helping organizations identify, prioritize, and remediate security risks. Historically, its software products have exhibited vulnerabilities typical of complex enterprise applications, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from improper input validation or insecure default configurations within its InsightVM and Metasploit frameworks. While the company maintains a robust security posture and actively patches disclosed issues, the high volume of recorded CVEs reflects the extensive attack surface inherent in its comprehensive toolset. Notable incidents have generally been resolved through prompt updates, though the frequency of findings underscores the challenges of securing large-scale, feature-rich security platforms. Continuous monitoring and strict access controls remain critical for mitigating these persistent risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-7384 | Client-Side Command Injection in Rapid7 Metasploit — MetasploitCWE-77 | 7.0 | High | 2020-10-29 |
| CVE-2017-5228 | Rapid7 Metasploit 路径遍历漏洞 — Metasploit | 8.3 | - | 2017-03-02 |
| CVE-2017-5229 | Rapid7 Metasploit 路径遍历漏洞 — Metasploit | 8.3 | - | 2017-03-02 |
| CVE-2017-5231 | Rapid7 Metasploit 路径遍历漏洞 — Metasploit | 8.3 | - | 2017-03-02 |
This page lists every published CVE security advisory associated with Rapid7. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.