CVE-2025-2292

6.5 MEDIUM

📋 TL;DR

Xorcom CompletePBX versions through 5.2.35 contain an authenticated path traversal vulnerability in the Backup and Restore functionality. This allows authenticated attackers to read arbitrary files on the system. Organizations running affected CompletePBX versions are at risk.

💻 Affected Systems

Products:
  • Xorcom CompletePBX
Versions: through 5.2.35
Operating Systems: Linux-based PBX systems
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the CompletePBX web interface.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, configuration files, or credential files, potentially leading to full system compromise.

🟠

Likely Case

Attackers with valid credentials can exfiltrate sensitive configuration data, user information, or system files.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to file disclosure within the application's context.

🌐 Internet-Facing: MEDIUM - Requires authentication, but can be exploited if the web interface is exposed to the internet and an attacker holds valid credentials.
🏢 Internal Only: MEDIUM - Internal users or attackers with valid credentials could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the Backup and Restore functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2.36.1

Vendor Advisory: https://www.xorcom.com/new-completepbx-release-5-2-36-1/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download CompletePBX 5.2.36.1 from Xorcom.
3. Follow the vendor upgrade instructions.
4. Restart the PBX system.

🔧 Temporary Workarounds

Restrict Backup and Restore Access

Limit access to the Backup and Restore functionality to only necessary administrative users.

Network Segmentation

Isolate CompletePBX systems from sensitive network segments and restrict external access.

🧯 If You Can't Patch

  • Implement strict access controls and multi-factor authentication for all administrative accounts
  • Monitor and audit access to the Backup and Restore functionality for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check CompletePBX version via web interface or command line. Versions 5.2.35 and earlier are vulnerable.

Check Version:

Check the web interface dashboard, or run 'dpkg -l | grep completepbx' on the system.

Verify Fix Applied:

Verify system is running CompletePBX version 5.2.36.1 or later.
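The three verification steps above (check whether vulnerable, read the version, confirm the fix) can be scripted. The following is an added example, not code from Xorcom or from this advisory: it parses the version column out of `dpkg -l` output and compares it against the fixed release 5.2.36.1 quoted on this page. The exact Debian package name is an assumption (the advisory only says to grep for "completepbx"), and the `dpkg -l` sample embedded in the block is constructed, not captured from a real PBX.

```python
import subprocess

# Fixed release quoted in the advisory on this page.
FIXED_VERSION = "5.2.36.1"


def parse_version(version):
    """Turn '5.2.35' into (5, 2, 35); rejects anything non-numeric."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable CompletePBX version: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a, b):
    """Return -1, 0 or 1. Missing trailing components count as 0, so
    '5.2.36' equals '5.2.36.0' and sorts below '5.2.36.1'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def needs_patch(version):
    """True unless the installed version is 5.2.36.1 or later."""
    return compare_versions(version, FIXED_VERSION) < 0


def version_from_dpkg(dpkg_output, name_hint="completepbx"):
    """Return the version column of the first installed package whose name
    contains the hint. `dpkg -l` rows look like 'ii  name  version  arch  desc'.
    The package name is an assumption; the page only says to grep for it."""
    for line in dpkg_output.splitlines():
        cols = line.split()
        if len(cols) >= 3 and cols[0] in ("ii", "hi") and name_hint in cols[1].lower():
            return cols[2]
    return None


def check_local_system():
    """Run `dpkg -l` on this host. Returns None when dpkg is absent or the
    package is not installed (e.g. when run somewhere other than the PBX)."""
    try:
        out = subprocess.run(["dpkg", "-l"], capture_output=True, text=True,
                             check=False).stdout
    except FileNotFoundError:
        return None
    version = version_from_dpkg(out)
    if version is None:
        return None
    return {"version": version, "needs_patch": needs_patch(version)}


# Constructed sample of `dpkg -l` output; package names and versions are made up
# for illustration and were not captured from a real system.
SAMPLE_DPKG_OUTPUT = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name            Version      Architecture Description
+++-===============-============-============-=================================
ii  completepbx     5.2.35       amd64        CompletePBX web interface (constructed sample)
ii  asterisk        1:18.0-1     amd64        Open source PBX (constructed sample)
"""

if __name__ == "__main__":
    v = version_from_dpkg(SAMPLE_DPKG_OUTPUT)
    print(f"sample: version={v} needs_patch={needs_patch(v)}")
    live = check_local_system()
    print("this host:", live if live else "completepbx package not found")
```

Note that `needs_patch` treats anything below 5.2.36.1 as unpatched, which matches the "5.2.36.1 or later" wording in the verification step above; it does not try to classify releases the advisory does not mention.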

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns via Backup/Restore functionality
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unusual outbound data transfers from PBX system
  • Traffic patterns indicating file enumeration

SIEM Query:

source="completepbx" AND (event="backup" OR event="restore") AND file_path CONTAINS ".."
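The SIEM query above keys on a literal ".." in the requested file path, which misses URL-encoded forms such as %2e%2e. The block below is an added example, not part of this advisory or of any CompletePBX code: it runs both the literal check and a path-aware check (decode, then normalise against the backup directory and flag anything that resolves outside it) over a few constructed log lines. The key=value log format, the field names and the backup directory /var/backups/completepbx are all assumptions; real CompletePBX logs may look different, so adapt the parser to your own source.

```python
import posixpath
import shlex
from urllib.parse import unquote

# Assumed directory the Backup and Restore feature serves files from; the
# advisory does not name it, so adjust for your deployment.
BACKUP_ROOT = "/var/backups/completepbx"

# Constructed log lines using the field names from the SIEM query on this page
# (source, event, file_path). They are illustrative, not real CompletePBX logs.
SAMPLE_LOGS = [
    'source=completepbx event=backup user=admin file_path="daily-2025-03.tar.gz"',
    'source=completepbx event=restore user=admin file_path="../../../etc/passwd"',
    'source=completepbx event=restore user=helpdesk file_path="%2e%2e/%2e%2e/%2e%2e/etc/shadow"',
    'source=completepbx event=login user=admin result=success',
    'source=completepbx event=backup user=admin file_path="/var/backups/completepbx/weekly.tar.gz"',
]


def parse_kv(line):
    """Parse 'k=v k2="v with spaces"' into a dict; shlex strips the quotes."""
    fields = {}
    for token in shlex.split(line):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def resolve_path(file_path, root=BACKUP_ROOT):
    """Percent-decode twice (to catch %252e double encoding), then normalise
    the requested path against the backup directory."""
    decoded = unquote(unquote(file_path))
    return posixpath.normpath(posixpath.join(root, decoded))


def escapes_root(file_path, root=BACKUP_ROOT):
    """True when the resolved path lies outside the backup directory."""
    resolved = resolve_path(file_path, root)
    return not (resolved == root or resolved.startswith(root + "/"))


def _is_backup_event(fields):
    return fields.get("source") == "completepbx" and fields.get("event") in ("backup", "restore")


def naive_dotdot_hits(lines):
    """Literal equivalent of the page's SIEM query: file_path CONTAINS '..'."""
    return [f for f in map(parse_kv, lines)
            if _is_backup_event(f) and ".." in f.get("file_path", "")]


def traversal_hits(lines, root=BACKUP_ROOT):
    """Path-aware check: any backup/restore file_path that resolves outside the
    backup root is reported, whether or not the '..' was encoded."""
    hits = []
    for fields in map(parse_kv, lines):
        if not _is_backup_event(fields) or "file_path" not in fields:
            continue
        requested = fields["file_path"]
        if escapes_root(requested, root):
            hits.append({
                "user": fields.get("user"),
                "event": fields["event"],
                "file_path": requested,
                "resolved": resolve_path(requested, root),
            })
    return hits


if __name__ == "__main__":
    print("literal '..' query matches:", len(naive_dotdot_hits(SAMPLE_LOGS)))
    for hit in traversal_hits(SAMPLE_LOGS):
        print(f"ALERT user={hit['user']} event={hit['event']} "
              f"requested={hit['file_path']!r} -> {hit['resolved']}")
```

On the sample the literal query fires once (the plain ../../../etc/passwd line) while the path-aware check fires twice, because it also catches the percent-encoded request; the absolute path that stays inside the backup directory is correctly left alone. The same normalise-and-compare logic is what a server-side fix for this class of bug has to do before opening the file.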
