Completepbx Security Vulnerabilities and Issues — Completepbx CVE List

Lucene search

XorcomCompletepbx

4 matches found

CVE•added 2025/03/31 5:15 p.m.•80 views

CVE-2025-2292

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.

6.5CVSS5.2AI score0.42381EPSS

Web

CVE•added 2025/03/31 5:15 p.m.•74 views

CVE-2025-30005

Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35

8.3CVSS6.6AI score0.5313EPSS

CVE•added 2025/03/31 5:15 p.m.•70 views

CVE-2025-30004

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35

9.1CVSS9.8AI score0.52013EPSS

CVE•added 2025/03/31 5:15 p.m.•51 views

CVE-2025-30006

Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35

6.1CVSS6AI score0.00024EPSS