CVE-2025-30004

HIGH

Xorcom CompletePBX <5.2.35 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-30004. PoCs published by Valentin Lobstein, including Metasploit module exploits/linux/http/xorcom_completepbx_scheduler.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in Xorcom CompletePBX's task scheduler. It creates a malicious task with a payload-encoded command, executes it, and cleans up by deleting the task.

Description

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35

Exploits (1)

metasploit WORKING POC EXCELLENT
by Valentin Lobstein · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/xorcom_completepbx_scheduler.rb

This Metasploit module exploits an authenticated command injection vulnerability in Xorcom CompletePBX's task scheduler. It creates a malicious task with a payload-encoded command, executes it, and cleans up by deleting the task.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Xorcom CompletePBX <= 5.2.35
Auth required
Prerequisites: Valid admin credentials · Access to the task scheduler functionality
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References

Scores

CVSS v3 8.8
EPSS 0.7058
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
xorcom/completepbx < 5.2.36.1
Published Mar 31, 2025
Tracked Since Feb 18, 2026