CVE-2025-66253

{"id": "CVE-2025-66253", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-26T01:16:08.433", "references": [{"url": "https://www.abdulmhsblog.com/posts/webfmvulns/", "tags": ["Exploit", "Third Party Advisory"], "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}, {"url": "https://www.abdulmhsblog.com/posts/webfmvulns/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php.\u00a0The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET[\"filename\"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, etc.) to achieve remote code execution as the web server user (likely root)."}], "lastModified": "2025-12-03T16:47:40.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2B25533-2EF5-4158-9505-1CD18463DB68"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7834E460-78EE-456A-84F7-0DECE004BD80"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3497F7E-0433-444B-A58A-A795C8833966"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDEB3E77-E3D8-4878-BBE3-74530F3469B4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A975C91C-59BD-44AC-9F67-0682CE173738"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F30F6688-FCDA-4BA5-ABD9-0EB91CDF7631"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7B57D15-6192-4D68-9CC5-726E052E7DDD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA1C3BA1-3E25-474B-B2A4-97136D6287BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0130D6C-CE17-4046-B0EB-0AD2DA7DC6AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A04E5386-2B8E-4E5E-9766-CEA4887265D4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9F5D088-18AE-4388-83D7-66EBF03B3091"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5427DF7-CBAB-4BB9-9175-B7EC7012EAD0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "285B4AB4-1F69-445E-B2D3-A0C140B55990"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "90E84970-55F7-41CB-814E-085BACFAAA91"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CD961FB-E86A-4346-9B8D-3658C7BD818F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56699CC2-C823-4397-8C76-BC165E48D6E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93081491-7BD5-4AD8-B9A9-4017BD531955"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2D2A2EE-4D89-40F7-82CF-15B01BCCA5D7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A934D3-C948-4618-8B1F-5C69FBE404D6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A4CEBFA-FFFA-48C0-AF1A-2FF83B9881B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96CBA55F-3917-4E2D-80DF-3F13B1089E1B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_next_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D56DC454-9330-48A3-9297-1DF0609774EB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C964CD-4DFC-490B-87BE-5BF6A8C31818"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1A32EF5-D307-4012-A0F5-F12CA14256B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DA06D91-2A84-4980-B025-E2AB6B7A4A2E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E965758E-A526-47B0-81DB-F1A253F1DA09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "406B147C-3918-4DBA-B26A-68A3FB569D80"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CBCB7BF-0053-4D3C-823F-C7D1465AF024"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04FB53B4-6B83-42FA-9959-03652DD7A26F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8DE66740-2E9E-40B1-AA15-EAB1A5574C9E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4C733E9-67C2-415D-BBAE-85DD5E5B775A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F40B30CD-8FF7-403D-A882-AECF0331255B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F7AA00D-A38B-409D-8258-C0222499287F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F6949E5-3C57-4298-8E06-F1A034321755"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD39D574-E20A-4592-A65E-12B3F8707F47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8557A5A5-871A-48FC-BA63-C0BB1D649C86"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "312829A7-688F-4949-A373-9E55FEE7DBAD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FAD7B722-A221-47CA-8E2E-4BD27E57DDE5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F7857F-A7D7-4A54-BF1B-47CE856EDFDD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A9ADD17-C038-48A6-9E77-7EE16288261C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "356E12B5-32FF-4114-9DD4-1972D2FAB281"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7315EAF4-23FD-4410-A477-3AA1F822C268"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91C3B94F-F8A6-49F6-86E9-2FFFB8CF2E8A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F451E5A5-3429-4AEC-A968-A25C2C232C5A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}