CVE-2025-66255

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload malicious firmware files to Mozart FM Transmitter devices, potentially leading to remote code execution. It affects all listed models (30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000) due to missing signature validation in the upgrade_contents.php endpoint.

💻 Affected Systems

Products:
  • DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
Versions: All firmware versions; affected models: 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations are vulnerable as the flaw is in the firmware upgrade mechanism itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with persistent backdoor installation, data exfiltration, and use as pivot point into internal networks.

🟠 Likely Case

Remote code execution leading to device takeover, service disruption, and potential lateral movement within the network.

🟢 If Mitigated

Limited impact if network segmentation prevents external access and strict firewall rules are in place.

🌐 Internet-Facing: HIGH - The vulnerability is unauthenticated and allows direct file upload, making internet-exposed devices immediate targets.
🏢 Internal Only: HIGH - Even internally, any attacker with network access can exploit this without credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is well-documented with public technical details, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Contact DB Electronica Telecomunicazioni S.p.A. for firmware updates
2. Apply any available patches
3. Restart affected devices

🔧 Temporary Workarounds

Network Access Restriction

Platform: Linux

Block external access to the device's web interface and upgrade endpoint. The rules below are written for a Linux host; a transmitter that offers no shell access needs the equivalent filter on the upstream firewall or router in front of it.

# trusted_network is a placeholder: replace it with the management network's CIDR (e.g. 10.0.0.0/24)
# Rule order matters: the ACCEPT for trusted sources must be appended before the catch-all DROP
iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

Endpoint Disablement

Platform: All

Disable or remove the vulnerable upgrade_contents.php file if not needed. This also disables legitimate firmware upgrades through the web interface until the file is restored.

# /path/to is a placeholder: the real location depends on the device's web root
mv /path/to/upgrade_contents.php /path/to/upgrade_contents.php.disabled

🧯 If You Can't Patch

  • Isolate affected devices in a separate VLAN with strict firewall rules
  • Implement network monitoring for unusual file upload attempts to the upgrade endpoint

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a test file to /upgrade_contents.php without authentication. If accepted, the device is vulnerable.

Check Version:

Check device web interface or contact vendor for firmware version information

Verify Fix Applied:

Verify that file uploads to /upgrade_contents.php now require authentication and proper signature validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /upgrade_contents.php
  • File uploads from unexpected IP addresses
  • Firmware upgrade logs without proper authentication

Network Indicators:

  • HTTP POST requests to /upgrade_contents.php from external IPs
  • Large file transfers to the device on port 80

SIEM Query:

source="web_logs" AND uri="/upgrade_contents.php" AND method="POST" AND user_agent NOT IN ("legitimate_user_agents")
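The log and network indicators above can be checked offline against a web-server access log. The following is an added example, not code from the page or the vendor: it parses constructed Apache-style log lines (assumed format: Combined Log Format with mod_logio's %I bytes-received field appended, i.e. `LogFormat "%h %l %u %t \"%r\" %>s %b %I"`), picks out POST requests to /upgrade_contents.php, and rates each one by whether the source is outside an assumed management network, whether the log records no authenticated user, and whether the request body is large enough to be a firmware image. The CIDR, the size threshold and the sample lines are assumptions.

```python
"""Detection sketch for firmware-upload attempts against /upgrade_contents.php.

Added example for CVE-2025-66255 (not vendor code). Scans access-log lines
and reports POSTs to the upgrade endpoint with a severity based on the
page's log and network indicators.
"""
import ipaddress
import re
from dataclasses import dataclass, field

UPGRADE_PATH = "/upgrade_contents.php"

# Assumption: the transmitter's management network. Edit to match your allowlist.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Assumption: a request body this large against the upgrade endpoint is a
# firmware image rather than a form post.
LARGE_REQUEST_BYTES = 1_000_000

# Assumed log format: Apache CLF with mod_logio's %I (bytes received) appended:
#   LogFormat "%h %l %u %t \"%r\" %>s %b %I"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" '
    r'(?P<status>\d{3}) (?P<resp>\d+|-) (?P<req>\d+)$'
)


@dataclass
class Finding:
    ip: str
    ts: str
    severity: str  # "high", "medium" or "info"
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return a dict of fields, or None if the line is not in the expected format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["req"] = int(rec["req"])
    return rec


def is_trusted(ip):
    """True only for addresses inside the allowlisted management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: never treat it as trusted
    return any(addr in net for net in TRUSTED_NETS)


def inspect(rec):
    """Apply the page's indicators to one parsed record; None if not relevant."""
    if rec is None or rec["method"] != "POST":
        return None
    if rec["path"].split("?", 1)[0] != UPGRADE_PATH:
        return None
    reasons = ["POST to firmware upgrade endpoint"]
    if not is_trusted(rec["ip"]):
        reasons.append("source outside management network")
    if rec["user"] == "-":
        reasons.append("no authenticated user recorded")
    if rec["req"] >= LARGE_REQUEST_BYTES:
        reasons.append(f"large request body ({rec['req']} bytes)")
    if not is_trusted(rec["ip"]):
        severity = "high"  # external source: treat as an attack attempt
    elif len(reasons) > 1:
        severity = "medium"  # trusted source, but worth a look
    else:
        severity = "info"
    return Finding(rec["ip"], rec["ts"], severity, reasons)


def scan(lines):
    """Run every line through the parser and return the findings in log order."""
    return [f for f in (inspect(parse_line(line)) for line in lines) if f]


# Constructed sample log lines (not real device logs).
SAMPLE_LOG = [
    '10.0.0.15 - admin [12/Jan/2025:10:01:22 +0000] "GET /index.php HTTP/1.1" 200 5120 612',
    '10.0.0.15 - admin [12/Jan/2025:10:02:05 +0000] "POST /upgrade_contents.php HTTP/1.1" 200 318 4206000',
    '198.51.100.23 - - [12/Jan/2025:03:14:07 +0000] "POST /upgrade_contents.php HTTP/1.1" 200 318 4195000',
    '198.51.100.23 - - [12/Jan/2025:03:14:09 +0000] "GET /status.php HTTP/1.1" 200 900 301',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.severity.upper(), f.ip, f.ts, "; ".join(f.reasons))
```

The severity split reflects the page's two indicators: any POST to the endpoint is logged (L108), but a source outside the management network is what turns it into an alert, with the missing user and the large body added as supporting reasons. Point the script at the device's real access log once the log format matches the assumed one, or adapt the regex to the format your web server actually emits.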
