CVE-2025-66259

Q: What is the severity of CVE-2025-66259?

CVE-2025-66259 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges on DB Electronica Telecomunicazioni Mozart FM Transmitters. Attackers can inject malicious input into date/time parameters that get passed directly to shell commands. All organizations using affected Mozart FM Transmitter models are at risk.

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges on DB Electronica Telecomunicazioni Mozart FM Transmitters. Attackers can inject malicious input into date/time parameters that get passed directly to shell commands. All organizations using affected Mozart FM Transmitter models are at risk.

💻 Affected Systems

Products:

DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter

Versions: Versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000

Operating Systems: Embedded/Linux-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the web interface. All listed model versions appear vulnerable based on the CVE description.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level remote code execution, allowing attackers to install persistent backdoors, exfiltrate sensitive data, disrupt broadcast operations, or pivot to other network systems.

🟠

Likely Case

Unauthorized system access leading to configuration tampering, service disruption, or data theft from the transmitter system.

🟢

If Mitigated

Limited impact if proper network segmentation, strict access controls, and input validation are implemented, though risk remains due to the high-privilege nature of the vulnerability.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authentication but is straightforward once credentials are obtained. The vulnerability involves direct command injection in main_ok.php.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check vendor website for security updates. If no patch is available, implement workarounds immediately.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize date/time parameters before passing to shell commands

# Modify main_ok.php to validate user input
# Example: if (!preg_match('/^[0-9:]+$/', $_POST['time'])) { die('Invalid input'); }

Web Application Firewall Rules

all

Block malicious patterns in date/time parameters

# WAF rule to block shell metacharacters in time parameters
# Example ModSecurity: SecRule ARGS:time "[;|&`$()]" "deny,status:403"

🧯 If You Can't Patch

Network segmentation: Isolate FM transmitters from other critical systems and restrict access to management interfaces
Access control hardening: Implement strong authentication, limit admin accounts, and monitor for suspicious login attempts

🔍 How to Verify

Check if Vulnerable:

Test if date/time parameters in main_ok.php accept shell metacharacters like ;, |, &, or `

Check Version:

# Check transmitter model/version via web interface or system information page

Verify Fix Applied:

Verify that input validation rejects shell metacharacters and only accepts properly formatted date/time values

📡 Detection & Monitoring

Log Indicators:

Unusual shell commands in system logs
Multiple failed authentication attempts followed by successful login
Unexpected processes running as root

Network Indicators:

Unusual outbound connections from transmitter systems
Traffic to unexpected ports or IP addresses

SIEM Query:

source="transmitter_logs" AND (command="date" AND args="*;*" OR args="*|*" OR args="*&*" OR args="*`*")

📊 Metadata

CVE ID: CVE-2025-66259

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

EPSS Score: 0.44% exploit probability (62.9th percentile)

Published: November 26, 2025

Last Updated: December 3, 2025

🔗 References

https://www.abdulmhsblog.com/posts/webfmvulns/ Exploit,Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mozart Dds Next 100 Firmware by Dbbroadcast

Mozart Dds Next 1000 Firmware by Dbbroadcast

Mozart Dds Next 2000 Firmware by Dbbroadcast

Mozart Dds Next 30 Firmware by Dbbroadcast

Mozart Dds Next 300 Firmware by Dbbroadcast

Mozart Dds Next 3000 Firmware by Dbbroadcast

Mozart Dds Next 3500 Firmware by Dbbroadcast

Mozart Dds Next 50 Firmware by Dbbroadcast

Mozart Dds Next 500 Firmware by Dbbroadcast

Mozart Dds Next 6000 Firmware by Dbbroadcast

Mozart Dds Next 7000 Firmware by Dbbroadcast

Mozart Next 100 Firmware by Dbbroadcast

Mozart Next 1000 Firmware by Dbbroadcast

Mozart Next 2000 Firmware by Dbbroadcast

Mozart Next 30 Firmware by Dbbroadcast

Mozart Next 300 Firmware by Dbbroadcast

Mozart Next 3000 Firmware by Dbbroadcast

Mozart Next 3500 Firmware by Dbbroadcast

Mozart Next 50 Firmware by Dbbroadcast

Mozart Next 500 Firmware by Dbbroadcast

Mozart Next 6000 Firmware by Dbbroadcast

Mozart Next 7000 Firmware by Dbbroadcast