CVE-2025-66262

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to overwrite arbitrary system files via path traversal in tar archive extraction. Attackers can craft malicious .tgz archives that, when processed by the vulnerable script, deposit files to the filesystem root, potentially overwriting critical files like /etc/shadow. All DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 are affected.

💻 Affected Systems

Products:
  • DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
Versions: 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000
Operating Systems: Linux-based embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Requires combination with file upload vulnerabilities (CVE-01, CVE-06, CVE-07) for full exploitation chain.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via overwriting critical system files like /etc/shadow or /etc/passwd, allowing privilege escalation, persistence, and complete control of the device.

🟠 Likely Case

Service disruption, data corruption, or unauthorized access by overwriting configuration files, web content, or system binaries.

🟢 If Mitigated

Limited impact if file uploads are restricted and extraction occurs in isolated containers with proper permissions.

🌐 Internet-Facing: HIGH - Combined with unauthenticated file upload vulnerabilities, internet-facing devices are directly exploitable.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this to compromise devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting malicious tar archives with path traversal filenames and uploading them via companion vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Contact the vendor for security patches.
2. If patches are unavailable, implement the workarounds below immediately.
3. Monitor vendor security advisories.

🔧 Temporary Workarounds

Disable vulnerable script

Remove or disable execute permissions on the restore_mozzi_memories.sh script:

chmod -x /path/to/restore_mozzi_memories.sh
mv /path/to/restore_mozzi_memories.sh /path/to/restore_mozzi_memories.sh.disabled

Implement tar extraction validation

Modify restore_mozzi_memories.sh to list the archive and reject it before extraction if any member name is absolute or contains a .. component anywhere in the path (a pattern that only matches names beginning with ../ misses entries such as backup/../../etc/shadow):

tar -tzf archive.tgz | grep -qE '(^|/)\.\.(/|$)|^/' && echo 'Path traversal detected' || tar -xzf archive.tgz
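As an added example (not code from the advisory or the vendor's script), the same validation written in Python with the tarfile module: it flags absolute names, .. components in any position and link entries whose target resolves outside the extraction root, run against a constructed sample archive whose targets are placeholders under /tmp; the staging directory path in the usage is hypothetical.

```python
import io
import os
import posixpath
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry plus members shaped like the
    traversal cases the advisory describes (placeholder targets under /tmp)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name in ("memories/settings.conf",      # benign relative path
                     "backup/../../tmp/traversal",  # '..' not at start: '^\.\./' misses it
                     "/tmp/absolute_entry",         # absolute member name
                     "../leading_dotdot"):          # the one case a leading-../ check catches
            info = tarfile.TarInfo(name)
            info.size = 1
            tf.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("memories/link")     # symlink pointing above the root
        link.type, link.linkname = tarfile.SYMTYPE, "../../etc"
        tf.addfile(link)
    return buf.getvalue()


def unsafe_members(archive_bytes: bytes, dest: str) -> list:
    """Return (member name, reason) for every entry that must not be extracted
    into dest. The name checks do not depend on dest; the link check does."""
    dest_real = os.path.realpath(dest)
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tf:
        for m in tf.getmembers():
            if m.name.startswith("/"):
                findings.append((m.name, "absolute member name"))
            elif ".." in posixpath.normpath(m.name).split("/"):
                findings.append((m.name, "'..' component in member name"))
            elif m.issym() or m.islnk():
                # symlinks resolve relative to the link's own directory, hardlinks to the root;
                # an absolute linkname makes os.path.join discard base, so it is covered too
                base = dest_real if m.islnk() else os.path.join(dest_real, posixpath.dirname(m.name))
                target = os.path.realpath(os.path.join(base, m.linkname))
                if os.path.commonpath([dest_real, target]) != dest_real:
                    findings.append((m.name, "link target outside extraction root"))
    return findings
```

With dest set to / (the -C / the script uses) the link check is vacuous, since no path lies outside the root; that is why the member-name checks must run regardless of where the archive is extracted, and why extraction belongs in a staging directory rather than /.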

🧯 If You Can't Patch

  • Network segmentation: Isolate Mozart FM Transmitters from untrusted networks
  • Access controls: Restrict file upload functionality to authenticated users only

🔍 How to Verify

Check if Vulnerable:

Check whether restore_mozzi_memories.sh exists and extracts tar archives with the -C / flag without validating member paths.

Check Version:

Check device web interface or system information for model/version

Verify Fix Applied:

Verify that the script has been modified to validate tar archive member paths before extraction, or has been disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unusual tar extraction activity
  • File modification in system directories
  • Failed file upload attempts

Network Indicators:

  • HTTP POST requests with .tgz file uploads to vulnerable endpoints
  • Unusual outbound connections after exploitation

SIEM Query:

source="*mozart*" AND (event="file_upload" OR event="tar_extract") AND file_ext="tgz"
