Cyber Posture

CVE-2025-66250

Critical · Public PoC

Published: 26 November 2025
Modified: 03 December 2025
KEV Added: (none listed)
Patch: (none listed)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (38.5th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an unauthenticated attacker to upload arbitrary files via /var/tdf/status_contents.php. The numbers are the Mozart Next model designations listed under Affected Products below, where every firmware version of each model is marked affected.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

Prevent: Directly prohibits unauthenticated arbitrary file uploads by limiting the actions permitted without identification or authentication on the status_contents.php endpoint.

Prevent: Enforces validation of information inputs so that uploads of dangerous file types through the vulnerable endpoint are blocked.

Prevent: Requires timely identification, reporting, and correction of the file upload flaw in affected Mozart FM Transmitter versions.
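The three controls above come down to one ordering inside the upload handler: authenticate before parsing anything, then validate the file name and the bytes, then store under a server-chosen name outside the executable web root. The following Python is an added example written for this page, not code from DB Electronica's Mozart firmware (the real handler is not public here); the policy values, the "operator" role, the destination directory and the Session type are assumptions made for illustration.

```python
import os
import re
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed policy values; the real Mozart web interface configuration is not public here.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "txt": b"",            # text has no magic; content is sniffed for PHP tags instead
}
# Any of these anywhere after the first dot is rejected, so "logo.php.png" fails even
# though its last extension is allowed (AddHandler-style server configs can execute it).
EXECUTABLE_PARTS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml",
                    "phar", "phps", "cgi", "pl", "sh", "htaccess"}
MAX_BYTES = 2 * 1024 * 1024
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")   # also refuses ".htaccess"


class UploadRejected(Exception):
    """Carries a short reason for the log; raw client filenames are never echoed back."""


@dataclass(frozen=True)
class Session:
    user: Optional[str]
    roles: frozenset


def validate_upload(session: Session, filename: str, data: bytes, dest_dir: str) -> str:
    """Check an upload and return the randomized path it may be stored at.

    The authentication check runs before anything touches the filename or body,
    which is the control that was absent on the vulnerable endpoint.
    """
    if session.user is None or "operator" not in session.roles:
        raise UploadRejected("authentication required")

    # Keep only the last path component and refuse anything that is not a plain name,
    # so "../../var/www/x.png" and "C:\\x.png" never reach the filesystem.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not SAFE_NAME.match(base):
        raise UploadRejected("unsafe filename")

    parts = base.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("missing extension")
    if any(p in EXECUTABLE_PARTS for p in parts[1:]):
        raise UploadRejected("executable extension")
    ext = parts[-1]
    if ext not in ALLOWED_MAGIC:
        raise UploadRejected("extension not permitted")

    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    if not data.startswith(ALLOWED_MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    if ext == "txt" and b"<?" in data:
        raise UploadRejected("script tag in text upload")

    # Never reuse the client's name: store under a random name in a directory
    # the web server neither serves nor executes from (assumed dest_dir).
    stored = f"{secrets.token_hex(16)}.{ext}"
    return os.path.join(dest_dir, stored)


def rejection_reason(session: Session, filename: str, data: bytes) -> Optional[str]:
    """The reason a request would be refused, or None if it would be accepted."""
    try:
        validate_upload(session, filename, data, "/srv/mozart/uploads")
    except UploadRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    anon = Session(user=None, roles=frozenset())
    op = Session(user="admin", roles=frozenset({"operator"}))
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for who, name, body in [(anon, "logo.png", png), (op, "shell.php", b"<?php"),
                            (op, "logo.php.png", png), (op, "logo.png", png)]:
        print(f"{name:<14} {rejection_reason(who, name, body)}")
```

The order of checks is the point: the unauthenticated branch returns before any byte of the body is inspected, the name is reduced to a plain component before the extension is read, and the stored name is generated rather than taken from the client, so even an allowed extension cannot be used to overwrite an existing page.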

Security Summary (AI-generated)

CVE-2025-66250 is an unauthenticated arbitrary file upload vulnerability in the status_contents.php component of DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter devices, affecting versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The flaw, published on 2025-11-26, enables attackers to upload arbitrary files via the /var/tdf/status_contents.php endpoint and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

Any unauthenticated attacker with network access to the affected device can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows arbitrary file uploads, which could lead to remote code execution, data theft, modification of critical files, or denial of service, given the high impacts on confidentiality, integrity, and availability. Note that the low EPSS score (0.0018, 38.5th percentile) sits alongside the Public PoC flag at the top of this page; for a transmitter whose web interface is reachable from untrusted networks, the existence of a public PoC is the more useful signal.

The only reference listed is the researcher's write-up at https://www.abdulmhsblog.com/posts/webfmvulns/, and no vendor patch is recorded on this page (the Patch field above is empty). Security practitioners should consult that reference for any workaround it describes and check with the vendor for fixed firmware. Until a fix is confirmed, the transmitter's management web interface should not be reachable from the Internet or from untrusted networks, and units that were exposed should be examined for unexpected PHP or other script files in the web root.

Details

CWE(s)

CWE-434 (Unrestricted Upload of File with Dangerous Type)

Affected Products

dbbroadcast mozart next 30 firmware: all versions
dbbroadcast mozart next 50 firmware: all versions
dbbroadcast mozart next 100 firmware: all versions
dbbroadcast mozart next 300 firmware: all versions
dbbroadcast mozart next 500 firmware: all versions
dbbroadcast mozart next 1000 firmware: all versions
dbbroadcast mozart next 2000 firmware: all versions
dbbroadcast mozart next 3000 firmware: all versions
dbbroadcast mozart next 3500 firmware: all versions
dbbroadcast mozart next 6000 firmware: all versions
+12 more product configuration(s); see NVD for the full list

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

An unauthenticated arbitrary file upload on a public-facing PHP endpoint is exactly the weakness T1190 (Exploit Public-Facing Application) describes for initial access, and an uploaded PHP file that the server will execute is a web shell, T1505.003 (the retired technique ID T1100 now maps to this sub-technique), giving remote code execution and a persistent foothold.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
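To show how the two techniques chain in telemetry, here is an added example, not from the page's author or the vendor, that runs a detection over a few constructed access-log lines: a 2xx POST or PUT to the upload endpoint marks a client as a possible uploader, and a later request from that client for a script path outside a known baseline is labelled as web-shell use. The endpoint path is taken literally from the CVE description and assumed to be the URL path; the baseline of legitimate script paths and the sample lines are made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Apache/nginx "combined" access-log format, with the conventional field names.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# From the CVE description; that this is also the URL path on a real unit is assumed.
UPLOAD_ENDPOINT = "/var/tdf/status_contents.php"
# Extensions a PHP-based web server commonly executes.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Constructed baseline of script paths that belong to the shipped interface.
# On a real deployment this list comes from a known-good unit, not from guesswork.
BASELINE_SCRIPTS = {UPLOAD_ENDPOINT, "/index.php", "/login.php"}


@dataclass
class Finding:
    technique: str   # ATT&CK ID, or "suspicious-script" when no upload preceded the hit
    ip: str
    ts: str
    detail: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines: List[str]) -> List[Finding]:
    """Flag upload attempts on the endpoint and later hits on script paths outside the baseline."""
    findings: List[Finding] = []
    uploaders = set()                      # clients whose POST/PUT to the endpoint got a 2xx
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                       # malformed line: skip it, do not stop the pipeline
        path = rec["path"].split("?", 1)[0]
        if rec["method"] in ("POST", "PUT") and path == UPLOAD_ENDPOINT:
            findings.append(Finding("T1190", rec["ip"], rec["ts"],
                                    f"{rec['method']} {path} -> {rec['status']}"))
            if rec["status"].startswith("2"):
                uploaders.add(rec["ip"])
        elif SCRIPT_EXT.search(path) and path not in BASELINE_SCRIPTS:
            label = "T1505.003" if rec["ip"] in uploaders else "suspicious-script"
            findings.append(Finding(label, rec["ip"], rec["ts"],
                                    f"{rec['method']} {rec['path']} -> {rec['status']}"))
    return findings


def by_client(findings: List[Finding]) -> Dict[str, List[str]]:
    """Technique labels per client IP, in order of first appearance."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f.ip, []).append(f.technique)
    return out


# Constructed sample lines using RFC 5737 documentation addresses, not a real capture.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Nov/2025:10:14:02 +0000] "GET /var/tdf/status_contents.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Nov/2025:10:14:05 +0000] "POST /var/tdf/status_contents.php HTTP/1.1" 200 211 "-" "python-requests/2.32"
203.0.113.7 - - [27/Nov/2025:10:14:09 +0000] "GET /var/tdf/x.php?cmd=id HTTP/1.1" 200 97 "-" "python-requests/2.32"
198.51.100.4 - - [27/Nov/2025:10:20:00 +0000] "GET /index.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
192.0.2.9 - - [27/Nov/2025:10:21:00 +0000] "POST /var/tdf/status_contents.php HTTP/1.1" 403 0 "-" "curl/8.5"
garbage line that does not parse
"""

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f"{f.technique:<17} {f.ip:<13} {f.ts}  {f.detail}")
```

Run against the sample, the first client produces a T1190 finding for the POST and a T1505.003 finding for the following request to a script name that was never part of the interface, while the 403 from the second client is reported as an attempt only. The baseline set is the part that needs care in practice: a stale baseline turns every legitimate page into a finding, so build it from a known-good unit and keep it versioned with the firmware.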

References

https://www.abdulmhsblog.com/posts/webfmvulns/