CVE-2025-66255
CRITICALDescription
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dbbroadcast | mozart_next_3000_firmware |
| dbbroadcast | mozart_next_3000 |
| dbbroadcast | mozart_next_3500_firmware |
| dbbroadcast | mozart_next_3500 |
| dbbroadcast | mozart_next_50_firmware |
| dbbroadcast | mozart_next_50 |
| dbbroadcast | mozart_next_500_firmware |
| dbbroadcast | mozart_next_500 |
| dbbroadcast | mozart_next_6000_firmware |
| dbbroadcast | mozart_next_6000 |
| dbbroadcast | mozart_next_7000_firmware |
| dbbroadcast | mozart_next_7000 |
| dbbroadcast | mozart_next_100_firmware |
| dbbroadcast | mozart_next_100 |
| dbbroadcast | mozart_next_1000_firmware |
| dbbroadcast | mozart_next_1000 |
| dbbroadcast | mozart_next_2000_firmware |
| dbbroadcast | mozart_next_2000 |
| dbbroadcast | mozart_next_30_firmware |
| dbbroadcast | mozart_next_30 |
| dbbroadcast | mozart_next_300_firmware |
| dbbroadcast | mozart_next_300 |
| dbbroadcast | mozart_dds_next_30_firmware |
| dbbroadcast | mozart_dds_next_30 |
| dbbroadcast | mozart_dds_next_50_firmware |
| dbbroadcast | mozart_dds_next_50 |
| dbbroadcast | mozart_dds_next_100_firmware |
| dbbroadcast | mozart_dds_next_100 |
| dbbroadcast | mozart_dds_next_300_firmware |
| dbbroadcast | mozart_dds_next_300 |
| dbbroadcast | mozart_dds_next_500_firmware |
| dbbroadcast | mozart_dds_next_500 |
| dbbroadcast | mozart_dds_next_1000_firmware |
| dbbroadcast | mozart_dds_next_1000 |
| dbbroadcast | mozart_dds_next_2000_firmware |
| dbbroadcast | mozart_dds_next_2000 |
| dbbroadcast | mozart_dds_next_3000_firmware |
| dbbroadcast | mozart_dds_next_3000 |
| dbbroadcast | mozart_dds_next_3500_firmware |
| dbbroadcast | mozart_dds_next_3500 |
| dbbroadcast | mozart_dds_next_6000_firmware |
| dbbroadcast | mozart_dds_next_6000 |
| dbbroadcast | mozart_dds_next_7000_firmware |
| dbbroadcast | mozart_dds_next_7000 |
References
Frequently Asked Questions
What is CVE-2025-66255? +
How severe is CVE-2025-66255? +
What products are affected by CVE-2025-66255? +
How do I check if I'm vulnerable to CVE-2025-66255? +
Related Vulnerabilities
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed …
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, …
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated …
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege …
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior …
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in …