
CVE-2025-52207: CWE-23 Relative Path Traversal in MIKO MikoPBX

Severity: Critical
Tags: Vulnerability, CVE-2025-52207, CWE-23
Published: Fri Jun 27 2025 (06/27/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: MIKO
Product: MikoPBX

Description

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

AI-Powered Analysis

Last updated: 06/27/2025, 17:24:42 UTC

Technical Analysis

CVE-2025-52207 is a critical vulnerability in MikoPBX, a Private Branch Exchange (PBX) software product developed by MIKO. It is classified as CWE-23 (Relative Path Traversal), the variant of path traversal in which ".." segments in a caller-supplied relative path are used to escape the directory the application intended to write into. The flaw is in the PBXCoreREST/Controllers/Files/PostController.php component of MikoPBX versions through 2024.1.114: the file-upload handler does not confine the destination to its intended directory, so a caller can have an uploaded PHP script written to an arbitrary directory on the server.

The CVSS v3.1 vector indicates that the issue is exploitable over the network (AV:N) with low attack complexity (AC:L), requires only low privileges (PR:L), needs no user interaction (UI:N), and has a changed scope (S:C), meaning a compromise reaches beyond the vulnerable REST component to the host and anything that trusts it. The base score is 9.9 (Critical). The record describes full loss of confidentiality and integrity with limited impact on availability.

In practice, writing a PHP file into a directory from which the web server executes scripts turns the upload into remote code execution in the context of the web server process. From there an attacker could take control of the PBX, intercept or manipulate calls, read sensitive communications data, or pivot to other internal network resources. No exploitation in the wild had been reported at the time of this analysis, but the low privilege requirement and low complexity make the flaw easy to exploit, and this record lists no vendor patch at the time of publication, which increases exposure.
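The CWE-23 pattern described above, as an added illustration (written in Python for clarity; it is not MikoPBX code and does not reproduce PostController.php): a naive handler joins a caller-supplied relative path onto the upload root and follows "../" out of it, while the hardened handler canonicalises the resolved path, proves it is still inside the root, and restricts extensions. The payload, the "uploads" and "www" directory names and the allow-list are constructed for the example.

```python
import os
import tempfile

# Constructed attacker payload: the kind of file a low-privileged API user could
# drop outside the intended upload directory via a traversal path.
PAYLOAD = b"<?php system($_GET['c']); ?>"

# Extensions an upload endpoint for a PBX plausibly needs (assumed allow-list).
ALLOWED_EXT = {".wav", ".mp3", ".csv"}


def naive_save(upload_root, user_path, data):
    """VULNERABLE pattern: joins a caller-supplied relative path onto the
    upload root. os.path.join happily follows "../" out of upload_root."""
    target = os.path.join(upload_root, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return os.path.realpath(target)


def safe_save(upload_root, user_path, data):
    """Hardened pattern: canonicalise, then prove containment before writing."""
    root = os.path.realpath(upload_root)
    if "\x00" in user_path or os.path.isabs(user_path):
        raise ValueError("absolute path or NUL byte rejected")
    # realpath resolves ".", ".." and symlinks in the existing prefix, so the
    # check below sees the path the kernel would actually open.
    target = os.path.realpath(os.path.join(root, user_path))
    # commonpath avoids the classic startswith() bug (root "/srv/up" would
    # otherwise accept "/srv/uploads-evil/x.wav").
    if target == root or os.path.commonpath([root, target]) != root:
        raise ValueError(f"{user_path!r} resolves outside {root}")
    if os.path.splitext(target)[1].lower() not in ALLOWED_EXT:
        raise ValueError("extension not in allow-list")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo(base_dir=None):
    """Run one traversal attempt through both handlers and report what happened."""
    tmp = None
    if base_dir is None:
        tmp = tempfile.TemporaryDirectory()
        base_dir = tmp.name
    try:
        upload_root = os.path.join(base_dir, "uploads")
        webroot = os.path.join(base_dir, "www")  # stands in for the document root
        os.makedirs(upload_root, exist_ok=True)
        os.makedirs(webroot, exist_ok=True)
        attack = "../www/shell.php"  # constructed traversal path

        naive_target = naive_save(upload_root, attack, PAYLOAD)
        escaped = os.path.exists(os.path.join(webroot, "shell.php"))

        try:
            safe_save(upload_root, attack, PAYLOAD)
            blocked = False
        except ValueError:
            blocked = True

        legit = safe_save(upload_root, "prompts/greeting.wav", b"RIFF")
        real_root = os.path.realpath(upload_root)
        inside = os.path.commonpath([real_root, legit]) == real_root
        return {
            "naive_target": naive_target,
            "naive_escaped": escaped,
            "safe_blocked": blocked,
            "safe_legit_inside": inside,
        }
    finally:
        if tmp is not None:
            tmp.cleanup()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

If the feature never needs caller-chosen subdirectories, the simplest fix is stronger still: keep only os.path.basename() of the supplied name and generate the directory server-side, so there is no relative path to traverse with.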

Potential Impact

For European organizations, the impact of CVE-2025-52207 could be severe, especially for enterprises and service providers that rely on MikoPBX for telephony infrastructure. Compromise of a PBX can lead to interception of sensitive voice communications, unauthorized call routing, toll fraud, and disruption of business communications. Because the flaw yields code execution on the PBX host, attackers could also gain persistent access to internal networks, potentially leading to broader data breaches or ransomware attacks. Industries such as finance, healthcare, government, and telecommunications are particularly at risk given their dependence on secure and reliable communications. Exposure of internal communications could additionally constitute a personal data breach under GDPR, with legal and financial penalties. Since the script can be uploaded remotely without user interaction and with low complexity, even moderately skilled attackers holding a low-privileged account could exploit this vulnerability, which broadens the pool of plausible adversaries.

Mitigation Recommendations

To mitigate the risks posed by CVE-2025-52207, European organizations should implement the following specific measures:

1) Restrict access to the MikoPBX management interface and the PBXCoreREST API to trusted IP addresses and networks using firewall rules and network segmentation; the API should not be reachable from the public internet.
2) Enforce strict privilege management so that only highly trusted accounts hold the role that can reach the upload functionality. PR:L means any authenticated low-privileged user, or a compromised account, is sufficient to exploit the flaw.
3) Monitor web-served directories and upload locations for newly created PHP files (.php, .phtml, .phar and similar) outside the application's own code tree, using file integrity monitoring to detect such changes promptly.
4) Deploy a Web Application Firewall with custom rules that block path traversal sequences ("../", its URL-encoded and double-encoded forms, and backslash variants) and script extensions in uploads to the PBXCoreREST file endpoints.
5) Regularly audit web server and application logs for unusual file-upload activity or requests to the PostController.php endpoint, in particular uploads whose target name contains traversal sequences or a script extension.
6) Engage with MIKO for timely patching and prioritize deployment of security updates once they become available.
7) As an interim measure, disable or restrict the vulnerable upload functionality if that is feasible without disrupting business operations.
8) As defence in depth, configure the web server so that PHP is executed only from the application's code directories and never from writable upload locations, so that a script written there is served as data rather than run.
9) Conduct penetration testing and vulnerability assessments focused on telephony infrastructure to identify and remediate similar weaknesses.
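Detection logic for the log-audit and WAF-rule recommendations above, as an added example that is not part of this advisory or of MikoPBX: it parses combined-format access-log lines, fully decodes the request (repeated percent-decoding catches double encoding, backslashes are folded to slashes) and flags upload requests whose path or query values contain a ".." segment or a PHP-like extension. The sample log lines, the route prefix "/pbxcore/api/files/" and the "filename" parameter are constructed for the example and are not MikoPBX's documented interface; adjust the prefix to the real endpoint when deploying.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (combined log format); not real MikoPBX logs.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jun/2025:10:01:02 +0000] "POST /pbxcore/api/files/upload?filename=greeting.wav HTTP/1.1" 200 51
203.0.113.9 - - [27/Jun/2025:10:01:09 +0000] "POST /pbxcore/api/files/upload?filename=../../www/backdoor.php HTTP/1.1" 200 51
203.0.113.9 - - [27/Jun/2025:10:01:15 +0000] "POST /pbxcore/api/files/upload?filename=%2e%2e%2f%2e%2e%2fwww%2fb.php HTTP/1.1" 200 51
203.0.113.9 - - [27/Jun/2025:10:01:21 +0000] "POST /pbxcore/api/files/upload?filename=%252e%252e%252fwww%252fc.php HTTP/1.1" 200 51
198.51.100.4 - - [27/Jun/2025:10:02:00 +0000] "GET /admin-cabinet/ HTTP/1.1" 200 1203
203.0.113.9 - - [27/Jun/2025:10:03:00 +0000] "POST /pbxcore/api/files/upload?filename=..\\..\\www\\d.php HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." as a whole path segment after normalisation ("../x", "a/../x", "a/..").
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')
# Anything PHP-like the web server might execute, whatever the declared type.
PHP_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)


def canonicalise(value, max_rounds=3):
    """Percent-decode until stable (catches double encoding) and fold
    backslashes to slashes so Windows-style traversal is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def classify(line, api_prefix="/pbxcore/api/files/"):
    """Return a finding dict for a suspicious upload request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = canonicalise(url.path)
    if not path.startswith(api_prefix):  # assumed route prefix for the file API
        return None
    # parse_qsl decodes once; canonicalise() strips any further encoding layer.
    values = [canonicalise(v) for _, v in parse_qsl(url.query, keep_blank_values=True)]
    reasons = set()
    for candidate in [path] + values:
        if TRAVERSAL_RE.search(candidate):
            reasons.add("traversal")
        if PHP_EXT_RE.search(candidate):
            reasons.add("php-extension")
    if not reasons:
        return None
    status = int(m["status"])
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "status": status,
        "succeeded": status < 400,  # 2xx/3xx means the write most likely happened
        "values": values,
        "reasons": sorted(reasons),
    }


def scan(log_text):
    """Run classify() over every line and keep the findings, in log order."""
    return [f for f in (classify(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with "succeeded" set are the ones to triage first: a 2xx on a traversal upload means a file was probably written, so the next step is the file-integrity check in item 3, not just blocking the source address.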


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 685ed0476f40f0eb72654d88

Added to database: 6/27/2025, 5:09:27 PM

Last enriched: 6/27/2025, 5:24:42 PM

Last updated: 7/18/2025, 5:38:13 PM
