CVE-2025-66256
📋 TL;DR
This vulnerability allows unauthenticated attackers to upload arbitrary files to Mozart FM Transmitter devices via the patch_contents.php endpoint. Attackers can upload malicious files, including webshells, which can lead to remote code execution. All Mozart FM Transmitter models, versions 30 through 7000, are affected.
💻 Affected Systems
- DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
📦 What is this software?
Mozart Dds Next 1000 Firmware by Dbbroadcast
Mozart Dds Next 2000 Firmware by Dbbroadcast
Mozart Dds Next 3000 Firmware by Dbbroadcast
Mozart Dds Next 3500 Firmware by Dbbroadcast
Mozart Dds Next 6000 Firmware by Dbbroadcast
Mozart Dds Next 7000 Firmware by Dbbroadcast
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via webshell upload leading to remote code execution, data theft, device takeover, and lateral movement within the network.
Likely Case
Attackers upload webshells to gain persistent access, execute arbitrary commands, and potentially pivot to other network devices.
If Mitigated
With proper network segmentation and access controls, the impact is limited to the FM transmitter device itself.
🎯 Exploit Status
A simple HTTP POST request is enough to upload files; no authentication or special conditions are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Contact vendor for updates and apply workarounds immediately.
🔧 Temporary Workarounds
Block patch_contents.php endpoint
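Use web server or firewall rules to block access to the vulnerable endpoint (Linux):
# INPUT applies on the host that terminates the connection; on a routing firewall in front of the device use the FORWARD chain.
iptables -A INPUT -p tcp --dport 80 -m string --string "patch_contents.php" --algo bm -j DROP
# On port 443 the request path is TLS-encrypted, so this match only fires where traffic is already decrypted; otherwise block at the web server or TLS-terminating proxy.
iptables -A INPUT -p tcp --dport 443 -m string --string "patch_contents.php" --algo bm -j DROP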
Restrict network access
Place FM transmitters behind firewalls with strict inbound rules (Linux). The rules below drop all inbound traffic to the web interface on ports 80 and 443:
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j DROP
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Isolate affected devices in a separate VLAN with strict firewall rules
- Implement network monitoring for suspicious file upload attempts to patch_contents.php
🔍 How to Verify
Check if Vulnerable:
Attempt to upload a test file via POST to http://[device_ip]/var/tdf/patch_contents.php
Check Version:
Check device web interface or contact vendor for version information
Verify Fix Applied:
Verify patch_contents.php endpoint returns 403/404 or file upload fails
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /var/tdf/patch_contents.php
- Unusual file uploads to transmitter device
Network Indicators:
- HTTP POST requests with file uploads to patch_contents.php endpoint
- Suspicious outbound connections from transmitter device
SIEM Query:
source="web_logs" AND uri="/var/tdf/patch_contents.php" AND method="POST"
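
The log indicators above can also be checked offline against a web access log. The following is an added example, not part of the original advisory or any vendor code; it assumes the device or an upstream proxy writes Apache/NGINX combined-format access logs, the function names are hypothetical, and the sample lines are constructed. It normalises percent-encoding, case and extra slashes before matching, and separates accepted uploads from blocked ones.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined/common log format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
ENDPOINT = "patch_contents.php"  # vulnerable script named in the advisory


def classify(line):
    """Return (severity, ip, timestamp, path) for a hit on the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string and decode percent-encoding, then compare path
    # segments case-insensitively so /var//tdf/Patch_Contents%2Ephp still matches.
    path = unquote(urlsplit(m["target"]).path)
    if ENDPOINT not in path.lower().split("/"):
        return None
    status = int(m["status"])
    if m["method"] != "POST":
        sev = "probe"            # endpoint touched without an upload
    elif status in (403, 404):
        sev = "blocked"          # the outcome "Verify Fix Applied" expects
    elif 200 <= status < 300:
        sev = "upload-accepted"  # possible compromise: inspect the device
    else:
        sev = "upload-attempt"
    return sev, m["ip"], m["ts"], path


def scan(lines):
    """Classify every line and keep only hits on the endpoint."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Dec/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [01/Dec/2025:10:02:13 +0000] "POST /var/tdf/patch_contents.php HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.7 - - [01/Dec/2025:10:02:40 +0000] "POST /var//tdf/Patch_Contents%2Ephp?x=1 HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.4 - - [01/Dec/2025:10:05:00 +0000] "GET /var/tdf/patch_contents.php HTTP/1.1" 200 20 "-" "-"',
]

if __name__ == "__main__":
    for sev, ip, ts, path in scan(SAMPLE):
        print(f"{sev:16} {ip:15} {ts}  {path}")
```

Any "upload-accepted" result should be followed up on the device itself, since the advisory's likely case is a webshell left behind for persistent access.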