CVE-2025-30005
published 2025-03-31


Priority: P2 (score 60, high)
CVSS 3.1 base score: 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
Exploit: available
EPSS: 1.58% (72.5th percentile)
Xorcom CompletePBX is vulnerable to path traversal via the Diagnostics reporting module. An authenticated user can read arbitrary files from the host, and the module then deletes the retrieved file in place of the expected report, so the bug is both an information-disclosure and a destructive integrity issue. This issue affects CompletePBX: all versions up to and including 5.2.35 (fixed in 5.2.36.1).

Affected (2 ranges)

  Vendor   Product       Version range   Fixed in
  xorcom   completepbx   < 5.2.36.1      5.2.36.1
  xorcom   completepbx   <= 5.2.35       -

Detection & IOCs (extracted from sources)

  url:   /index.php?menu=diagnostics
  other: systemDataFileName (request parameter)
  • Monitor HTTP requests to the CompletePBX diagnostics module (/index.php?menu=diagnostics) whose `systemDataFileName` parameter contains path traversal sequences such as `../`, including percent-encoded forms (`%2e%2e%2f`) and double-encoded forms (`%252e%252e%252f`); normalise the value before matching so encoding alone does not evade the rule.
  • Alert on file deletions on the CompletePBX host that correlate in time with diagnostic report requests: successful exploitation deletes the retrieved file from the target system, so a file-integrity or auditd event for a sensitive path shortly after such a request is strong corroboration.
  • A Metasploit auxiliary module exists for this CVE (auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read); its request pattern in web logs should be treated as a high-confidence exploitation indicator. Do not rely on the User-Agent alone: Metasploit's HTTP client sends a browser-like User-Agent by default and the value is trivially changed by the operator.
  • Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger the path traversal. A traversal attempt in the logs therefore also means the attacker holds a valid (or stolen) CompletePBX account, which should be treated as compromised and reviewed.
  • All CompletePBX versions up to and including 5.2.35 are affected. Use the version range to prioritise which hosts to hunt and patch, but keep the request-pattern alert active regardless of version: an attempt against a patched host still identifies a hostile, authenticated client.
  • Exploitation is destructive by design: the targeted file is deleted after retrieval. This may remove evidence (and break services that depend on the file), which complicates forensic investigation and should be factored into incident response playbooks; capture the web logs and any backups before remediation.
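The first detection bullet above, as an added example that is not code from the page or from Xorcom: a Python scanner over combined-format web access log lines (the log lines are constructed for the example). It assumes `systemDataFileName` arrives in the query string of `/index.php?menu=diagnostics`, as the IOCs listed above suggest; if the product sends it in a POST body, run the same `inspect_request` check against a log source that records request bodies (reverse proxy, WAF or mod_security audit log). The decoding step goes slightly beyond the `../` in the bullet by also catching single- and double-percent-encoded variants.

```python
"""Flag CVE-2025-30005-style traversal attempts against the CompletePBX
diagnostics module in access logs.

Added example (not the page's or Xorcom's code). Assumption: the payload is
visible in the request line; POST bodies need a body-logging source instead.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# After decoding and backslash normalisation, any ".." path segment is suspect.
# "\.\./" also catches the "....//" filter-bypass spelling.
TRAVERSAL_RE = re.compile(r'\.\.(/|$)')

# Constructed sample lines: one legitimate report download, two traversal
# attempts (plain and double-encoded), and one traversal against a different
# menu that this rule deliberately leaves alone.
SAMPLE_LOG = [
    '10.0.0.5 - - [31/Mar/2025:10:00:01 +0000] "GET /index.php?menu=diagnostics HTTP/1.1" 200 5120',
    '10.0.0.5 - - [31/Mar/2025:10:00:07 +0000] "GET /index.php?menu=diagnostics&systemDataFileName=report-2025-03-31.zip HTTP/1.1" 200 88321',
    '203.0.113.9 - - [31/Mar/2025:10:03:14 +0000] "GET /index.php?menu=diagnostics&systemDataFileName=../../../../etc/passwd HTTP/1.1" 200 1834',
    '203.0.113.9 - - [31/Mar/2025:10:03:20 +0000] "GET /index.php?menu=diagnostics&systemDataFileName=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 200 1211',
    '203.0.113.9 - - [31/Mar/2025:10:03:25 +0000] "GET /index.php?menu=settings&systemDataFileName=../../etc/passwd HTTP/1.1" 404 231',
]


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so that %2e%2e%2f and the
    double-encoded %252e%252e%252f both normalise to '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, target):
    """Return a finding dict when `target` hits the diagnostics module with a
    traversal payload in systemDataFileName, otherwise None."""
    parts = urlsplit(target)
    if parts.path != "/index.php":
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    if "diagnostics" not in [v.lower() for v in params.get("menu", [])]:
        return None
    for raw in params.get("systemDataFileName", []):
        decoded = fully_decode(raw).replace("\\", "/")
        if TRAVERSAL_RE.search(decoded):
            return {"method": method, "param": raw, "decoded": decoded}
    return None


def scan_log(lines):
    """Run inspect_request over access log lines; return the list of findings.
    `served` is True when the server answered 200: per the advisory the file
    was then most likely returned to the attacker and deleted on the host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = inspect_request(m["method"], m["target"])
        if hit:
            status = int(m["status"])
            hit.update(ip=m["ip"], ts=m["ts"], status=status, served=(status == 200))
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} -> {f['decoded']} (served={f['served']})")
```

The `menu=diagnostics` requirement mirrors the IOC on this page and keeps the rule narrow; if you would rather catch any `systemDataFileName` traversal regardless of menu, drop that check and keep the decoded parameter in the finding so the analyst can still see which module was targeted. A `served=True` finding should trigger the file-deletion correlation from the second bullet, because the advisory says the read file no longer exists on the host.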