{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-66255","assignerOrgId":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","state":"PUBLISHED","assignerShortName":"Gridware","dateReserved":"2025-11-26T00:21:33.791Z","datePublished":"2025-11-26T00:39:56.984Z","dateUpdated":"2025-12-03T16:00:07.473Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mozart FM Transmitter","vendor":"DB Electronica Telecomunicazioni S.p.A.","versions":[{"status":"affected","version":"30"},{"status":"affected","version":"50"},{"status":"affected","version":"100"},{"status":"affected","version":"300"},{"status":"affected","version":"500"},{"status":"affected","version":"1000"},{"status":"affected","version":"2000"},{"status":"affected","version":"3000"},{"status":"affected","version":"3500"},{"status":"affected","version":"6000"},{"status":"affected","version":"7000"}]}],"credits":[{"lang":"en","type":"finder","value":"Abdul Mhanni"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.&nbsp;<br>The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution<br></p>"}],"value":"Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. \nThe firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution"}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.9,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-345","description":"CWE-345 Unauthenticated Arbitrary File Upload (upgrade_contents.php)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b7efe717-a805-47cf-8e9a-921fca0ce0ce","shortName":"Gridware","dateUpdated":"2025-11-26T00:39:56.984Z"},"references":[{"tags":["exploit","technical-description"],"url":"https://www.abdulmhsblog.com/posts/webfmvulns/"}],"source":{"discovery":"EXTERNAL"},"title":"Unauthenticated Arbitrary File Upload (upgrade_contents.php)","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"references":[{"url":"https://www.abdulmhsblog.com/posts/webfmvulns/","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-03T15:59:55.831677Z","id":"CVE-2025-66255","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-03T16:00:07.473Z"}}]}}