CVE-2025-2292

MEDIUM

Xorcom CompletePBX <= 5.2.35 - Authenticated Path Traversal via Backup and Restore Functionality

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-2292. PoCs published by Valentin Lobstein, including Metasploit module auxiliary/scanner/http/xorcom_completepbx_file_disclosure.

AI-analyzed exploit summary This Metasploit module exploits an authenticated file disclosure vulnerability in Xorcom CompletePBX <= 5.2.35 by manipulating the backup download function to retrieve arbitrary files as root via a Base64-encoded path.

Description

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.

Exploits (1)

metasploit WORKING POC
by Valentin Lobstein · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/xorcom_completepbx_file_disclosure.rb

This Metasploit module exploits an authenticated file disclosure vulnerability in Xorcom CompletePBX <= 5.2.35 by manipulating the backup download function to retrieve arbitrary files as root via a Base64-encoded path.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Xorcom CompletePBX <= 5.2.35
Auth required
Prerequisites: Valid admin credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/completepbx-file-disclosure

Scores

CVSS v3 6.5
EPSS 0.0141
EPSS Percentile 69.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
xorcom/completepbx < 5.2.36.1
Published Mar 31, 2025
Tracked Since Feb 18, 2026