CVE-2025-66255

CRITICAL

Dbbroadcast Mozart Next 3000 Firmware - Unrestricted File Upload

Title source: rule

Description

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution

References (1)

[Exploit, Third Party Advisory] https://www.abdulmhsblog.com/posts/webfmvulns/

Scores

CVSS v3 9.8

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-345 CWE-434

Status published

Products (22)

dbbroadcast/mozart_dds_next_1000_firmware

dbbroadcast/mozart_dds_next_100_firmware

dbbroadcast/mozart_dds_next_2000_firmware

dbbroadcast/mozart_dds_next_3000_firmware

dbbroadcast/mozart_dds_next_300_firmware

dbbroadcast/mozart_dds_next_30_firmware

dbbroadcast/mozart_dds_next_3500_firmware

dbbroadcast/mozart_dds_next_500_firmware

dbbroadcast/mozart_dds_next_50_firmware

dbbroadcast/mozart_dds_next_6000_firmware

... and 12 more

Published Nov 26, 2025

Tracked Since Feb 18, 2026