CVE-2025-30005
Published 2025-03-31
Priority P2 · 60 · high · CVSS 3.1 base score 8.3
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Exploit
EPSS: 1.58% (72.5th percentile)
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report.
This issue affects CompletePBX: all versions up to and prior to 5.2.35.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xorcom | completepbx | < 5.2.36.1 | 5.2.36.1 |
| xorcom | completepbx | <= 5.2.35 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to the CompletePBX diagnostics module containing path traversal sequences (e.g., '../') in the `systemDataFileName` parameter, which may indicate exploitation of CVE-2025-30005.
- Alert on file deletions on the CompletePBX host that correlate with diagnostic report requests — successful exploitation deletes the retrieved file from the target system.
- A Metasploit auxiliary module exists for this CVE (auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read); presence of this module's traffic patterns or User-Agent strings in web logs should be treated as a high-confidence exploitation indicator.
- Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger the path traversal.
- All CompletePBX versions up to and including 5.2.35 are affected; detections should be scoped to this version range.
- Exploitation is destructive by design — the targeted file is deleted after retrieval, which may complicate forensic investigation and should be factored into incident response playbooks.
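As an added example (not part of this advisory or of Xorcom's code), the first indicator above expressed as a log check: it parses constructed access-log lines, reads the `systemDataFileName` parameter, unwinds repeated percent-encoding, and flags any value containing a `../` (or `..\`) segment. Only the parameter name comes from the advisory; the endpoint path `/admin/diagnostics/report`, the combined-log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic). The diagnostics
# endpoint path is an assumption; the detector keys on the parameter name
# `systemDataFileName` named in the advisory, not on the path.
SAMPLE_LOG = """\
10.0.0.5 - admin [31/Mar/2025:10:01:02 +0000] "GET /admin/diagnostics/report?systemDataFileName=report-2025-03-31.txt HTTP/1.1" 200 5120
10.0.0.9 - admin [31/Mar/2025:10:02:44 +0000] "GET /admin/diagnostics/report?systemDataFileName=../../../../etc/hosts HTTP/1.1" 200 311
10.0.0.9 - admin [31/Mar/2025:10:03:10 +0000] "GET /admin/diagnostics/report?systemDataFileName=..%2F..%2F..%2Fetc%2Fhostname HTTP/1.1" 200 12
10.0.0.9 - admin [31/Mar/2025:10:03:40 +0000] "GET /admin/diagnostics/report?systemDataFileName=%252e%252e%252fetc%252fmotd HTTP/1.1" 500 0
10.0.0.7 - - [31/Mar/2025:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')
# A ".." path segment delimited by a slash, backslash, or the string boundary
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, rounds=3):
    # Unwind repeated percent-encoding so %2e%2e%2f and %252e%252e%252f both surface as ../
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    # Return a hit record for a request whose systemDataFileName carries traversal, else None
    m = LOG_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    for param in query.get("systemDataFileName", []):  # parse_qs already decoded once
        decoded = fully_decode(param)
        if TRAVERSAL_RE.search(decoded):
            return {"ip": m.group("ip"), "user": m.group("user"), "ts": m.group("ts"),
                    "status": m.group("status"), "param": param, "decoded": decoded}
    return None

def scan_log(text):
    return [hit for hit in (scan_line(l) for l in text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} user={hit['user']} status={hit['status']} systemDataFileName={hit['decoded']!r}")
```

Because the traversal succeeds only for an authenticated user, the `user` field of each hit is the account to review first; a hit with a 200 status is the case where the retrieved file was likely also deleted.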
No detection rules found.
No writeups or analysis indexed.