CVE-2025-66252

HIGH

Dbbroadcast Mozart Next 100 Firmware - Infinite Loop

Title source: rule

Description

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.

References (1)

[Exploit, Third Party Advisory] https://www.abdulmhsblog.com/posts/webfmvulns/

Scores

CVSS v3 7.5

EPSS 0.0007

EPSS Percentile 20.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-835

Status published

Products (22)

dbbroadcast/mozart_dds_next_1000_firmware

dbbroadcast/mozart_dds_next_100_firmware

dbbroadcast/mozart_dds_next_2000_firmware

dbbroadcast/mozart_dds_next_3000_firmware

dbbroadcast/mozart_dds_next_300_firmware

dbbroadcast/mozart_dds_next_30_firmware

dbbroadcast/mozart_dds_next_3500_firmware

dbbroadcast/mozart_dds_next_500_firmware

dbbroadcast/mozart_dds_next_50_firmware

dbbroadcast/mozart_dds_next_6000_firmware

... and 12 more

Published Nov 26, 2025

Tracked Since Feb 18, 2026