CVE-2025-2292
Published: 31 March 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2025-2292 is an authenticated path traversal vulnerability (CWE-22) in Xorcom CompletePBX, affecting versions through 5.2.35. The flaw exists in the Backup and Restore functionality, enabling arbitrary file reads. It carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact.
An attacker with low-privilege authenticated access can exploit this over the network with low attack complexity and no user interaction. Exploitation allows reading arbitrary files on the affected system, potentially disclosing sensitive data such as configuration files or credentials.
Vendor advisories recommend upgrading to CompletePBX version 5.2.36-1, which addresses the issue, as detailed in Xorcom's release notes. Further technical analysis is provided in the VulnCheck advisory on CompletePBX file disclosure.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authenticated path traversal enables arbitrary file reads on the local system, directly facilitating collection of sensitive data from files (T1005) including credentials (T1552.001).
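The defensive counterpart to the flaw described above, as an added example that is not Xorcom's code and not taken from the advisories: a backup-file name is confined to a single directory instead of being joined naively (the CWE-22 pattern), and constructed access-log lines are scanned for encoded traversal sequences. The directory, endpoint and parameter names are hypothetical.

```python
import os
from pathlib import Path
from urllib.parse import unquote

# Hypothetical backup directory; the product's real paths are not on the page.
BACKUP_ROOT = Path("/var/lib/pbx-backups")


def escapes_root(root: Path, name: str) -> bool:
    """True when a naive join of root and name resolves outside root,
    which is what an arbitrary-file-read traversal relies on."""
    root = root.resolve()
    target = Path(os.path.join(str(root), name)).resolve()
    return target != root and root not in target.parents


def safe_backup_path(root: Path, name: str) -> Path:
    """Confine a user-supplied backup name to root; raise ValueError otherwise."""
    if not name or "\x00" in name:
        raise ValueError("empty or NUL-containing name")
    # Accept only a bare filename: no separators, no '.' or '..'.
    if name in (".", "..") or Path(name).name != name:
        raise ValueError("directory components not allowed")
    root = root.resolve()
    # resolve() collapses '..' and follows symlinks, so a link planted inside
    # the backup directory that points elsewhere fails the parent check.
    candidate = (root / name).resolve()
    if candidate.parent != root:
        raise ValueError("path escapes backup directory")
    return candidate


def rejects(root: Path, name: str) -> bool:
    """Convenience wrapper: does safe_backup_path refuse this name?"""
    try:
        safe_backup_path(root, name)
        return False
    except ValueError:
        return True


# Constructed access-log lines (not real CompletePBX logs) for a detection check.
SAMPLE_LOG = """\
10.0.0.5 - user1 [31/Mar/2025:10:00:01] "GET /backup/restore?file=pbx-2025-03-30.tar.gz" 200
10.0.0.9 - user2 [31/Mar/2025:10:00:07] "GET /backup/restore?file=..%2F..%2F..%2Fetc%2Fpasswd" 200
10.0.0.9 - user2 [31/Mar/2025:10:00:09] "GET /backup/restore?file=....//....//etc/shadow" 200
"""


def suspicious_requests(log_text: str) -> list:
    """Return log lines whose URL-decoded request contains a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        decoded = unquote(unquote(line))  # undo single and double URL-encoding
        if "../" in decoded or "..\\" in decoded:
            hits.append(line)
    return hits
```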