Critical Vulnerability Alert: Arbitrary File Overwrite in DB Elettronica Mozart FM Transmitters (CVE-2025-66262)

Overview

CVE-2025-66262 is a critical vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. This vulnerability allows an attacker to overwrite arbitrary files on the system due to improper handling of Tar archive extraction. Specifically, the restore_mozzi_memories.sh script uses the -C / flag during Tar extraction without proper path validation, leading to a path traversal vulnerability.

Technical Details

The core of the vulnerability lies in the restore_mozzi_memories.sh script, which extracts user-controlled Tar archives using the command tar -xzf [archive_name] -C /. The -C / option instructs Tar to change to the root directory (/) before extracting files, so every member name in the archive is resolved relative to /. This is problematic because it allows an attacker to create a malicious Tar archive whose filenames, such as etc/shadow or var/www/index.php, map directly onto system paths.

When the script extracts this malicious archive, the files are placed in the system’s root directory structure at the attacker-specified locations. Combined with the unauthenticated file upload vulnerabilities (CVE-01, CVE-06, CVE-07), this lets attackers overwrite critical system files in writable directories, potentially leading to full system compromise.

CVSS Analysis

As of the publication date, a CVSS score has not been assigned to CVE-2025-66262. However, due to the potential for arbitrary file overwrite and full system compromise, this vulnerability is considered to be of high severity.

Possible Impact

The exploitation of CVE-2025-66262 can have severe consequences, including:

  • Full System Compromise: Attackers can overwrite critical system files (e.g., /etc/shadow) to gain root access.
  • Denial of Service (DoS): Overwriting essential system files can render the transmitter inoperable.
  • Data Breach: If sensitive data is stored on the transmitter, attackers may be able to access and exfiltrate it.
  • Malware Installation: Attackers can install malware on the system, potentially using it as a bot in a botnet or for other malicious activities.

Mitigation and Patch Steps

To mitigate the risk posed by CVE-2025-66262, the following steps are recommended:

  • Apply the Latest Patches: DB Elettronica Telecomunicazioni S.p.A. should release a patch that addresses this vulnerability. Apply the patch as soon as it becomes available.
  • Input Validation: Implement strict input validation to prevent path traversal attacks. Ensure that filenames within the Tar archive do not contain “..” or other path traversal sequences.
  • Secure Tar Extraction: Modify the restore_mozzi_memories.sh script to avoid using the -C / option. Instead, extract the archive to a temporary directory and then carefully move the validated files to their intended locations.
  • Disable Unauthenticated File Uploads: Address the associated unauthenticated file upload vulnerabilities (CVE-01, CVE-06, CVE-07) to prevent attackers from uploading malicious archives.
  • Least Privilege Principle: Ensure that the script runs with the least amount of privileges necessary to perform its intended function.
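
The input-validation and staged-extraction steps above can be combined as in the following added example, which is not DB Elettronica's code and not part of the original advisory. It rejects an archive outright if any member is a link, an absolute path, contains "..", or falls outside an allowlist; the last check matters because a name like etc/shadow contains no ".." at all. The allowlisted path, the function names and the sample archive builder are assumptions made for illustration, and staging_dir is assumed to be a fresh, empty directory.

```python
import io
import os
import posixpath
import tarfile

# Assumption: the only subtree a real backup may touch (placeholder path).
ALLOWED_PREFIXES = ("var/lib/example/memories/",)

def check_member(member, allowed=ALLOWED_PREFIXES):
    """Return a rejection reason for one tar member, or None to accept it."""
    if member.isdir():
        return None  # ignored: directories are created on demand below
    if not member.isfile():
        return "link or special file"
    if member.name.startswith("/"):
        return "absolute path"
    if ".." in member.name.split("/"):
        return "parent-directory component"
    if not posixpath.normpath(member.name).startswith(allowed):
        return "outside allowlist"  # e.g. etc/shadow: no '..', still hostile
    return None

def safe_restore(archive_bytes, staging_dir, allowed=ALLOWED_PREFIXES):
    """Refuse the archive on any rejection; else write files under staging_dir."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        members = tar.getmembers()
        rejections = [(m.name, why) for m in members
                      if (why := check_member(m, allowed))]
        if rejections:
            return [], rejections
        restored = []
        for m in (m for m in members if m.isfile()):
            dest = os.path.join(staging_dir, posixpath.normpath(m.name))
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with tar.extractfile(m) as src, open(dest, "wb") as out:
                out.write(src.read())
            restored.append(dest)
        return restored, []

def build_archive(entries):
    """Constructed sample input: gzip tar from (name, payload, link) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload, link in entries:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()
```

Files that pass validation sit under the staging directory and can then be moved to their intended locations by a separate step running with only the privileges that step needs.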

References

Abdulmhsblog.com – WebFMVulns Post
