Cyber Posture

CVE-2025-2292

Severity: Medium · Public PoC

Published: 31 March 2025
Modified: 27 December 2025
KEV Added: none (not listed in the CISA KEV catalog)
Patch: CompletePBX 5.2.36-1 (vendor upgrade)
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.5280 (98.0th percentile)
Risk Priority: 45 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2292 is a medium-severity Path Traversal (CWE-22) vulnerability in Xorcom Completepbx. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 2.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and one other technique, Credentials In Files (T1552.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates the path traversal vulnerability by requiring timely application of the vendor-recommended upgrade to CompletePBX version 5.2.36-1.

Prevent (SI-10, Information Input Validation): Enforces input validation on file paths in the Backup and Restore functionality to block path traversal attempts (CWE-22).

Detect (AU-13, Monitoring for Information Disclosure): Monitors for unauthorized file disclosures through the vulnerable Backup and Restore feature, enabling detection of exploitation.

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Authenticated path traversal enables arbitrary file reads on the local system, directly facilitating collection of sensitive data from files (T1005) including credentials (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. This issue affects CompletePBX: through 5.2.35.

Deeper analysis

CVE-2025-2292 is an authenticated path traversal vulnerability (CWE-22) in Xorcom CompletePBX, affecting versions through 5.2.35. The flaw exists in the Backup and Restore functionality, enabling arbitrary file reads. It carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact.

An attacker with low-privilege authenticated access can exploit this over the network with low attack complexity and no user interaction. Exploitation allows reading arbitrary files on the affected system, potentially disclosing sensitive data such as configuration files or credentials.

Vendor advisories recommend upgrading to CompletePBX version 5.2.36-1, which addresses the issue, as detailed in Xorcom's release notes. Further technical analysis is provided in the VulnCheck advisory on CompletePBX file disclosure.

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products: xorcom / completepbx, ≤ 5.2.36.1

CVEs Like This One

CVE-2025-30005 · Same product: Xorcom Completepbx
CVE-2025-30004 · Same product: Xorcom Completepbx
CVE-2026-33166 · Shared CWE-22
CVE-2026-24849 · Shared CWE-22
CVE-2026-23491 · Shared CWE-22
CVE-2026-0651 · Shared CWE-22
CVE-2026-35668 · Shared CWE-22
CVE-2025-1035 · Shared CWE-22
CVE-2026-26985 · Shared CWE-22
CVE-2026-4659 · Shared CWE-22
