Overview
CVE-2025-66252 describes a Denial of Service (DoS) vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. This vulnerability arises from an infinite loop triggered by a failed file deletion attempt within the status_contents.php script. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 are affected.
Technical Details
The vulnerability lies in the way the Mozart FM Transmitter’s software handles file deletion. The status_contents.php script contains a while loop that attempts to delete a file using the unlink() function. If the unlink() operation fails (for example, due to insufficient permissions or if the file is immutable), the loop continues indefinitely, consuming system resources and leading to a Denial of Service.
Here’s a simplified representation of the vulnerable code:
<?php
$file_to_delete = $_GET['file']; // Potentially attacker-controlled
while (file_exists($file_to_delete)) {
if (unlink($file_to_delete)) {
// Deletion successful
echo "File deleted.";
} else {
// Deletion failed - infinite loop!
echo "Failed to delete file. Retrying...";
// No break condition - loop continues indefinitely
}
}
?>
An attacker could exploit this by providing a path to a file that the web server process cannot delete, such as a system file with restricted permissions, thus triggering the infinite loop and rendering the transmitter unresponsive.
CVSS Analysis
Currently, the CVE entry for CVE-2025-66252 does not have a CVSS score assigned. This may be due to the relative novelty of the vulnerability or the specific context of the affected devices. A more detailed risk assessment is recommended based on your specific deployment and network configuration. Factors to consider include network accessibility of the affected web interface and the potential impact of a transmitter outage.
Possible Impact
The primary impact of CVE-2025-66252 is a Denial of Service. Successfully exploiting this vulnerability can render the DB Elettronica Mozart FM Transmitter unresponsive, disrupting broadcasting operations. This can lead to:
- Interruption of FM broadcasting services.
- Loss of revenue for broadcasters.
- Damage to reputation.
- Potential safety concerns if the transmitter is used for emergency broadcasts.
Mitigation and Patch Steps
The following mitigation steps are recommended:
- Apply the Patch: Contact DB Elettronica Telecomunicazioni S.p.A. to obtain and apply the official patch for this vulnerability as soon as it becomes available. This is the most effective solution.
- Input Validation: If patching is not immediately possible, implement strict input validation on the
fileparameter passed tostatus_contents.php. Ensure that the script can only access and attempt to delete files within a very limited, predefined directory. Blacklisting should be avoided in favor of whitelisting known safe files. - Access Control: Restrict access to the
status_contents.phpscript to authorized users only. Implement strong authentication mechanisms. - Web Application Firewall (WAF): Consider deploying a Web Application Firewall (WAF) with rules to detect and block malicious requests targeting this vulnerability.
- Monitoring: Monitor system resource usage on the FM transmitter. Unusually high CPU or memory consumption could indicate an ongoing attack.
