CVE-2025-30004
Published 2025-03-31
Priority P2 · 70 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.76% (88.5th percentile)
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user.
This issue affects CompletePBX: all versions up to and prior to 5.2.35.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_wpa_supplicant_2.9-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_wpa_supplicant_2.9-4_on_cbl_mariner_1.0 | — | — |
| xorcom | completepbx | < 5.2.36.1 | 5.2.36.1 |
| xorcom | completepbx | <= 5.2.35 | — |
Detection & IOCs (extracted from sources)
- Monitor for command injection attempts targeting the Task Scheduler functionality in Xorcom CompletePBX's administrator interface, specifically looking for unsanitized user-controlled input being passed to system commands.
- Alert on exploitation attempts originating from the 'admin' (superadmin) account specifically, as only this account has the necessary permissions to trigger the vulnerability — lower-privileged accounts cannot exploit it.
- Monitor for processes spawned as root from the CompletePBX web server process, which may indicate successful command injection via the Task Scheduler.
- Exploitation requires authentication as the 'admin' superadmin account; standard privileged users cannot trigger the vulnerability, so detections should be scoped accordingly.
- All CompletePBX versions up to and including 5.2.35 are affected; ensure patching to versions beyond 5.2.35 to remediate.
CVSS provenance
- NVD (v3.1): 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vendor_msrc: 5.3 MEDIUM
GHSA
GHSA-43h8-fqwq-8xx5 · ghsa_unreviewed · 2025-03-31 · CVE-2025-30004 [CRITICAL] CWE-78
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user.
This issue affects CompletePBX: all versions up to and prior to 5.2.35.
Microsoft
vendor_msrc · 2021-04-13 · CVSS 5.3 · CVE-2021-30004 [MEDIUM] CWE-20
In wpa_supplicant and hostapd 2.9 forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner · mitre
No detection rules found.
No writeups or analysis indexed.
Published: 2025-03-31