CVE-2025-30005 is a path traversal vulnerability classified under CWE-22 found in the Diagnostics reporting module of Xorcom CompletePBX, a telephony system widely used in enterprise environments. The vulnerability allows an attacker with network access and low privileges to manipulate file path inputs to access arbitrary files outside the intended directory scope. This can lead to unauthorized disclosure of sensitive information by reading arbitrary files on the system. Additionally, the vulnerability enables deletion of any retrieved file, which could be exploited to tamper with system files or logs, impacting system integrity. The flaw affects all versions of CompletePBX up to and including 5.2.35. The vulnerability does not require user interaction and has a low attack complexity, making exploitation feasible in many scenarios. The CVSS v3.1 base score of 8.3 reflects high confidentiality and integrity impacts, with a low impact on availability. No known exploits are currently reported in the wild, but the potential for exploitation remains significant given the nature of the vulnerability and the critical role of telephony systems in business communications.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of telephony systems and potentially connected infrastructure. Unauthorized file access could expose sensitive configuration files, credentials, or call records, leading to data breaches or espionage. The ability to delete files could disrupt telephony services or cover tracks after an intrusion, complicating incident response. Organizations relying on CompletePBX for critical communications, especially in regulated sectors such as finance, healthcare, and government, face compliance and operational risks. The vulnerability could also be leveraged as a foothold for further lateral movement within networks. Given the network-exploitable nature and low privilege requirement, attackers could exploit this vulnerability remotely, increasing the threat surface for European enterprises.

Immediate mitigation steps include restricting network access to the Diagnostics reporting module using network segmentation, firewalls, or VPNs to limit exposure. Administrators should monitor file system integrity and audit logs for unusual file access or deletion activities. Employing application-layer access controls and input validation can reduce exploitation risk. Since no official patches are currently listed, organizations should engage with Xorcom for updates and apply patches promptly once released. Additionally, consider deploying intrusion detection systems tuned to detect path traversal attempts targeting CompletePBX. Backup critical configuration and call data regularly to enable recovery from potential file deletions. Finally, conduct security awareness training for administrators to recognize and respond to signs of exploitation.