exploitDog

CVE-2025-30004

Опубликовано: 31 мар. 2025

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user.

This issue affects CompletePBX: all versions up to and prior to 5.2.35

Ссылки

https://vulncheck.com/advisories/completepbx-authenticated-command-injection
Third Party Advisory
https://www.xorcom.com/new-completepbx-release-5-2-36-1/
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xorcom:completepbx:*:*:*:*:*:*:*:*

Версия до 5.2.36.1 (исключая)

EPSS

Процентиль: 98%

0.61226

Средний

8.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-43h8-fqwq-8xx5

CVSS3: 9.1

github

10 месяцев назад

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35

EPSS

Процентиль: 98%

0.61226

Средний

8.8 High

CVSS3

Дефекты

CWE-78