cvebase

Xorcom CompletePBX vulnerabilities

4 known vulnerabilities affecting xorcom/completepbx.

Total CVEs: 4
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2025-30004 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 5.2.36.1 | ≤ 5.2.35 | 2025-03-31
CVE-2025-30004 [HIGH] CWE-78: Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35
nvd
CVE-2025-30005 | P2 | HIGH | CVSS 8.3 | PoC | fixed in 5.2.36.1 | ≤ 5.2.35 | 2025-03-31
CVE-2025-30005 [HIGH] CWE-22: Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35
nvd
CVE-2025-2292 | P3 | MEDIUM | CVSS 6.5 | PoC | fixed in 5.2.36.1 | ≤ 5.2.35 | 2025-03-31
CVE-2025-2292 [MEDIUM] CWE-22: Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. This issue affects CompletePBX: through 5.2.35.
nvd
CVE-2025-30006 | P4 | MEDIUM | CVSS 6.1 | fixed in 5.2.36.1 | ≤ 5.11.23 | 2025-03-31
CVE-2025-30006 [MEDIUM] CWE-79: Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35
nvd