CVE-2025-30004

HIGH

CVSS v3

8.8

HIGH

EPSS Score

78.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35

Technical Details

Published
3/31/2025

Frequently Asked Questions

What is CVE-2025-30004?

Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35

Is CVE-2025-30004 actively exploited?

Active exploitation of CVE-2025-30004 has not been confirmed. The EPSS score is 78.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-30004?

CVE-2025-30004 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2025-30004 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.