CVE-2025-30005
Published: 31 March 2025
Summary
CVE-2025-30005 is a high-severity Path Traversal (CWE-22) vulnerability in Xorcom Completepbx. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 1.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Xorcom CompletePBX versions up to and including 5.2.35 contain a path traversal vulnerability (CWE-22) in the Diagnostics reporting module. The flaw permits an attacker to supply crafted paths that result in arbitrary file reads, after which the retrieved file is deleted in place of the expected report output.
An authenticated user with network access can exploit the issue without user interaction. Successful attacks yield high confidentiality and integrity impact by exposing sensitive files on the system and permanently removing them, while availability is only partially affected.
The vendor released CompletePBX 5.2.36-1 to address the vulnerability, as noted in the accompanying advisory from Xorcom and the detailed write-up published by VulnCheck. Organizations should apply the update promptly and restrict access to the Diagnostics module until patched.
The EPSS score has reached a peak of 0.7471 with a current value of 0.7019, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8862
Vulnerability details
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a public-facing PBX web diagnostics module directly enables remote file read (T1005) and file deletion (T1070.004) by low-privilege authenticated users, which is exploitation of a public-facing application (T1190).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents path traversal exploitation by validating and rejecting malicious file path inputs in the Diagnostics reporting module.
- SI-2 (Flaw Remediation): mitigates the vulnerability by identifying and patching the path traversal flaw as recommended in the vendor upgrade to CompletePBX 5.2.36.
- Integrity monitoring of system files detects unauthorized file deletions resulting from exploitation.
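The SI-10 control above describes the fix in the abstract: a report-retrieval endpoint must confirm that a user-supplied name resolves inside the directory it is meant to serve before it reads, and especially before it deletes, anything. The following Python is an added illustration of that check written for this page; it is not Xorcom's code and says nothing about how CompletePBX itself is implemented. The directory layout, the function names resolve_report_path and fetch_and_remove_report, and the sample file names are all constructed for the example. The read-then-delete flow mirrors the advisory's description of the Diagnostics module so that the same containment check is seen to protect both operations.

```python
import os
import re
import tempfile

# Allowlist for report file names: plain names only, no separators.
# Names built only from these characters still need the containment
# check below, because ".." on its own matches this pattern.
REPORT_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


class PathTraversalError(ValueError):
    """Raised when a requested report name would escape the report directory."""


def resolve_report_path(report_dir: str, requested: str) -> str:
    """Return the canonical path of a report, or raise if it leaves report_dir.

    Defence in depth: (1) reject absolute names, NUL bytes and anything
    outside the allowlist; (2) canonicalise with realpath (follows symlinks)
    and require the result to stay under the canonical report directory.
    """
    if not requested or "\x00" in requested or os.path.isabs(requested):
        raise PathTraversalError("report name is empty, absolute or contains NUL")
    if not REPORT_NAME_RE.match(requested):
        raise PathTraversalError("report name contains disallowed characters")

    base = os.path.realpath(report_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath on two absolute paths; equality with base means containment.
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise PathTraversalError("report name resolves outside the report directory")
    return candidate


def fetch_and_remove_report(report_dir: str, requested: str) -> bytes:
    """Read a generated report and remove it afterwards (one-shot download).

    The deletion only ever touches a path that passed resolve_report_path,
    so a traversal attempt can neither read nor remove files elsewhere.
    """
    path = resolve_report_path(report_dir, requested)
    with open(path, "rb") as fh:
        data = fh.read()
    os.remove(path)
    return data


def demo() -> dict:
    """Constructed scenario: one legitimate report and one file outside the tree."""
    root = tempfile.mkdtemp(prefix="pbx-demo-")
    reports = os.path.join(root, "reports")
    os.makedirs(reports)
    outside = os.path.join(root, "outside.txt")  # must never be read or deleted
    with open(outside, "w") as fh:
        fh.write("not a report")
    with open(os.path.join(reports, "diag-001.txt"), "w") as fh:
        fh.write("report body")

    results = {}
    # Legitimate request: content is returned and the report is consumed.
    results["legit"] = fetch_and_remove_report(reports, "diag-001.txt")
    results["legit_removed"] = not os.path.exists(os.path.join(reports, "diag-001.txt"))

    # Traversal-shaped names are rejected before any file access happens.
    blocked = []
    for name in ("../outside.txt", "..", "/etc/hostname", "a/../../outside.txt"):
        try:
            fetch_and_remove_report(reports, name)
            blocked.append(False)
        except PathTraversalError:
            blocked.append(True)
    results["all_blocked"] = all(blocked)
    results["outside_intact"] = os.path.exists(outside)
    return results


if __name__ == "__main__":
    print(demo())
```

The two layers are deliberately redundant: the allowlist gives a cheap, readable rejection of obviously bad input, while the realpath containment check is what actually holds when a name like ".." slips past a pattern or a symlink inside the report directory points elsewhere. Applying the same resolved path to both the read and the delete is the point of the example, since the advisory's impact comes from the deletion being performed on whatever the traversal reached.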