CVE-2025-66250 in Mozart FM Transmitter

Summary

by MITRE • 11/26/2025

Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an unauthenticated attacker to upload arbitrary files via /var/tdf/status_contents.php.


Analysis

by VulDB Data Team • 12/04/2025

CVE-2025-66250 is a critical flaw in the firmware of the Mozart FM Transmitter, a broadcast FM transmitter manufactured by DB Electronica Telecomunicazioni S.p.A. The affected versions span the whole product line (models 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000 and 7000), so any installed Mozart unit with a reachable web interface should be assumed affected. The flaw is in the status_contents.php script; the advisory gives its location as /var/tdf/status_contents.php, and it does not state whether that is the URL path or the on-disk path of the script. The weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type): the upload handler does not restrict what kind of file a client may store on the device.

The upload can be performed without any credentials: no session or authentication check guards the status_contents.php endpoint, and the handler does not adequately validate the uploaded file's name or type (the CWE-434 pattern). Because the device runs a PHP-capable web server, an attacker who can write a file of their choosing into a web-served directory can place a web shell or other script there and then execute it with a single follow-up request. The combination of no authentication and no type restriction makes the issue exploitable by anyone who can reach the device's web interface, which is why the severity is rated critical.
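To make the CWE-434 pattern concrete, the following is an added example (not the device's own PHP code and not derived from it) written in Python: a weak upload handler of the kind the analysis describes beside a hardened one. The allowed file types (PNG and plain text), the size limit, the separate upload directory and the session flag are all assumptions of the example; the real endpoint's intended inputs are not documented on this page.

```python
import os
import secrets
import tempfile

# Assumption for this example: the endpoint is meant to accept small PNG images
# and plain-text status files. Each allowed extension maps to the magic bytes
# its content must start with (None for plain text, which has no magic).
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".txt": None}
MAX_BYTES = 1 << 20


def weak_save(webroot, client_filename, data, content_type):
    """The CWE-434 shape: no authentication, the client-supplied Content-Type
    header is the only check, and the client's filename is used unchanged inside
    the web root. A request claiming 'image/png' with the name 'shell.php' is
    stored where the web server will execute it."""
    if not content_type.startswith("image/"):
        return None
    path = os.path.join(webroot, client_filename)
    with open(path, "wb") as f:
        f.write(data)
    return path


def check_upload(client_filename, data, session_authenticated):
    """Hardened decision. Returns (accepted, reason, server_chosen_name)."""
    if not session_authenticated:
        return False, "authentication required", None
    # Drop any directory component the client sent, on either separator,
    # so '../../x.png' and 'C:\\x.png' both reduce to 'x.png'.
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed: %r" % ext, None
    if len(data) > MAX_BYTES:
        return False, "too large", None
    magic = ALLOWED[ext]
    if magic is not None and not data.startswith(magic):
        return False, "content does not match extension", None
    if magic is None and (b"<?" in data or b"\x00" in data):
        return False, "text upload carries script or binary markers", None
    # The server picks the stored name; the client's name never reaches disk.
    return True, "ok", secrets.token_hex(16) + ext


def hardened_save(upload_dir, client_filename, data, session_authenticated):
    """Stores only what check_upload accepts, under upload_dir, which should sit
    outside the web root and be served (if at all) with script execution off."""
    accepted, reason, stored = check_upload(client_filename, data, session_authenticated)
    if not accepted:
        raise PermissionError(reason)
    path = os.path.join(upload_dir, stored)
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Runs both handlers against a constructed PHP payload in a temp dir."""
    payload = b"<?php echo 'uploaded'; ?>"  # constructed marker, not a real exploit
    out = {}
    with tempfile.TemporaryDirectory() as root:
        webroot = os.path.join(root, "www")
        store = os.path.join(root, "uploads")
        os.makedirs(webroot)
        os.makedirs(store)
        p = weak_save(webroot, "shell.php", payload, "image/png")
        out["weak_stored_php_in_webroot"] = p is not None and os.path.isfile(p)
        try:
            hardened_save(store, "shell.php", payload, session_authenticated=True)
            out["hardened_rejected_php"] = False
        except PermissionError:
            out["hardened_rejected_php"] = True
        png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
        q = hardened_save(store, "../../status.png", png, session_authenticated=True)
        out["hardened_kept_inside_store"] = os.path.dirname(q) == store
    return out
```

Note that the hardened version also defeats the usual evasions: a double extension such as shell.php.png fails the magic-byte check, shell.png.php fails the extension allowlist, and a traversal prefix is discarded before the name is even inspected, after which the name is replaced anyway.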

The operational impact goes beyond the upload itself. An uploaded script gives the attacker code execution on the transmitter and a persistent foothold that survives reboots of the web session, so the outcome to plan for is full compromise of the device rather than a single unauthorized file. The transmitter is the component that actually puts a station on air, so a compromised unit can be used to interrupt or alter the broadcast, and its configuration and operational data are exposed to the attacker. A compromised transmitter can also serve as a pivot into the broadcaster's network, since these devices are often reachable from, and trusted by, management and studio networks.

Mitigation should start with a vendor firmware fix that adds authentication to the endpoint and restricts uploaded file types; this page does not reference a fixed version, so check with the vendor. Until a fix is applied, the web interface should be unreachable from anything but a dedicated management network: firewall rules that block access to status_contents.php (and the web interface as a whole) from untrusted networks remove the unauthenticated attack surface entirely. Any unit that has been exposed should be treated as potentially compromised and inspected for unexpected .php or other script files in web-served directories. Longer term, upload handlers should enforce an allowlist of file types checked against content rather than the client-supplied name or Content-Type, store uploads under server-chosen names outside the web root, and require an authenticated session. Web server logs should be monitored for POST requests to the upload endpoint and for requests to script paths that did not exist before such a POST. In ATT&CK terms this is T1190 (Exploit Public-Facing Application) leading to T1505.003 (Server Software Component: Web Shell) for persistence, rather than T1195, which covers supply chain compromise.
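The detection idea in the paragraph above, as an added example that is not part of the original entry: a small Python rule set run over constructed Apache-style access-log lines. It flags POST requests to status_contents.php (rated higher when the source is outside an assumed management subnet) and, as the critical case, a subsequent request from the same client for a script path that no client had requested before the upload. The log lines, the 10.10.0.0/24 management subnet, the /uploads/ directory and the matching of the endpoint by its basename are all assumptions of the example; the advisory does not give the URL path of the script.

```python
import ipaddress
import re

# Apache "combined"-style request line; the referrer and user-agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
UPLOAD_SCRIPT = "status_contents.php"                   # from the advisory
MANAGEMENT_NET = ipaddress.ip_network("10.10.0.0/24")   # assumed management subnet
SCRIPT_EXT = (".php", ".phtml", ".php5")

# Constructed sample log: an operator browsing from the management subnet, an
# external client that uploads and then fetches a new script, and an operator
# upload from the management subnet (lower severity, still worth reviewing).
SAMPLE_LOG = """\
10.10.0.5 - - [26/Nov/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 1523
10.10.0.5 - - [26/Nov/2025:10:00:07 +0000] "GET /status_contents.php HTTP/1.1" 200 884
198.51.100.23 - - [26/Nov/2025:10:02:11 +0000] "GET /status_contents.php HTTP/1.1" 200 884
198.51.100.23 - - [26/Nov/2025:10:02:15 +0000] "POST /status_contents.php HTTP/1.1" 200 312
198.51.100.23 - - [26/Nov/2025:10:02:19 +0000] "GET /uploads/x.php?c=id HTTP/1.1" 200 57
10.10.0.5 - - [26/Nov/2025:10:05:00 +0000] "POST /status_contents.php HTTP/1.1" 200 312
""".splitlines()


def parse(line):
    """Returns the request fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines):
    """Returns a list of (severity, client_ip, message) tuples, in log order."""
    alerts = []
    uploaders = set()   # clients that have POSTed to the upload endpoint
    baseline = set()    # script paths requested by clients that have not uploaded
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        path = ev["path"].split("?", 1)[0]
        is_script = path.lower().endswith(SCRIPT_EXT)
        if ev["method"] == "POST" and path.rsplit("/", 1)[-1] == UPLOAD_SCRIPT:
            inside = ipaddress.ip_address(ev["ip"]) in MANAGEMENT_NET
            sev = "medium" if inside else "high"
            alerts.append((sev, ev["ip"], "upload POST to " + path))
            uploaders.add(ev["ip"])
        elif is_script and ev["ip"] in uploaders and path not in baseline:
            # A script nobody requested before this client uploaded: the
            # classic web-shell follow-up.
            alerts.append(("critical", ev["ip"], "new script requested after upload: " + path))
        elif is_script:
            baseline.add(path)
    return alerts


if __name__ == "__main__":
    for sev, ip, msg in detect(SAMPLE_LOG):
        print(f"[{sev}] {ip}: {msg}")
```

The baseline is learned from the log itself, so on a real deployment it should be seeded from a known-good period; the rule deliberately does not depend on HTTP status codes, since a successful upload and a successful web-shell request both return 200.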

Responsible

Gridware

Reservation

11/26/2025

Disclosure

11/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00175

KEV

no

Activities

very low
