CVE-2025-30005

High CVSS: 8.3

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report.

This issue affects CompletePBX: all versions up to and prior to 5.2.35

Vendor

Xorcom

Product

Completepbx

CWE

CWE-22

Yayın Tarihi

2025-03-31 17:15:41

Güncelleme

2025-12-27 17:15:47

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-22 Completepbx HIGH Xorcom 2025

Referanslar

https://vulncheck.com/advisories/completepbx-path-traversal-file-deletion https://www.xorcom.com/new-completepbx-release-5-2-36-1/

Benzer Kayıtlar

Medium

CVE-2025-30006

Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This…

High

CVE-2025-30004

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for at…

Medium

CVE-2025-2292

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup an…