CVE-2025-30004
HIGHCVSS v3
8.8
HIGH
EPSS Score
78.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35
Technical Details
- Published
- 3/31/2025
Frequently Asked Questions
What is CVE-2025-30004?
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35
Is CVE-2025-30004 actively exploited?
Active exploitation of CVE-2025-30004 has not been confirmed. The EPSS score is 78.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-30004?
CVE-2025-30004 has a CVSS v3 base score of 8.8 (HIGH severity).
Is CVE-2025-30004 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.