Xorcom CompletePBX 5.2.35 Remote Code Execution
Xorcom CompletePBX suffers from an authenticated command injection vulnerability within the Task Scheduler subsystem. An attacker with valid superadmin credentials can create a scheduled task containing unsanitized parameters that get executed by the backend, resulting in remote command execution...
EUVD-2025-8860
Malicious code in bioql PyPI...
CVE-2025-30005
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30006
Xorcom CompletePBX is vulnerable to reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
EUVD-2025-8862
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
EUVD-2025-8863
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30006
Xorcom CompletePBX is vulnerable to reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35...
CVE-2025-30005
Xorcom CompletePBX
CVE-2025-2292
Xorcom CompletePBX (pre-5.2.36) is affected by an authenticated path traversal in the Backup and Restore function, enabling arbitrary file reads. The issue exists in CompletePBX up to version 5.2.35. Public advisories and tooling (e.g., Metasploit module) reference an authenticated file-disclosur...
Xorcom CompletePBX Path Traversal Vulnerability
Xorcom CompletePBX is an Asterisk-based enterprise-class IP telephony system from Xorcom Israel. A path traversal vulnerability exists in Xorcom CompletePBX version 5.2.35 and earlier that could lead to arbitrary file reads...
PT-2025-13802
Name of the Vulnerable Software and Affected Versions: Xorcom CompletePBX versions prior to 5.2.35
Description: The issue affects the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user.
Recommendations: For versions prior to 5.2.35, update t...