Overview: CVE-2025-66255 details a critical security vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 are susceptible to an unauthenticated arbitrary file upload vulnerability. This flaw resides in the `upgrade_contents.php` endpoint and allows attackers to upload malicious firmware packages, potentially leading to remote code execution.
Technical Details: The vulnerability stems from a lack of proper validation within the `upgrade_contents.php` endpoint. The endpoint does not enforce crucial security checks, including: Missing Signature Validation: Firmware packages are not verified for cryptographic signatures, allowing attackers to tamper with the…
-
Overview: CVE-2025-66254 identifies a critical unauthenticated arbitrary file deletion vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. This vulnerability allows attackers to delete arbitrary files on the system without requiring any authentication. This poses a significant risk to the integrity and availability of the affected devices.
Technical Details: The vulnerability lies in the upgrade_contents.php script located at /var/www/upgrade_contents.php. The deleteupgrade parameter is used to specify the file to be deleted. However, the script lacks proper authentication and input sanitization, allowing an attacker to manipulate the deleteupgrade…
-
Overview: CVE-2025-66253 describes a critical unauthenticated OS command injection vulnerability affecting multiple versions of DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 are vulnerable. The vulnerability resides in the `start_upgrade.php` file, which allows an attacker to execute arbitrary operating system commands without authentication.
Technical Details: The vulnerability stems from the fact that user input passed to the `$_GET["filename"]` parameter within the `/var/tdf/start_upgrade.php` endpoint is directly passed into the `exec()` function without proper sanitization or shell escaping. This allows an attacker to inject arbitrary shell commands by using…
-
Overview: CVE-2025-66252 describes a Denial of Service (DoS) vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. This vulnerability arises from an infinite loop triggered by a failed file deletion attempt within the status_contents.php script. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 are affected.
Technical Details: The vulnerability lies in the way the Mozart FM Transmitter’s software handles file deletion. The status_contents.php script contains a while loop that attempts to delete a file using the unlink() function. If the unlink() operation fails (for example, due to insufficient permissions or if the file is immutable),…
-
Overview: CVE-2025-66251 describes a critical vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters (versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000). This vulnerability allows an unauthenticated attacker to perform arbitrary file deletion due to a path traversal issue associated with the `deletehidden` parameter. Specifically, an attacker can manipulate this parameter to delete arbitrary `.tgz` files on the system.
Technical Details: The vulnerability stems from insufficient input validation when handling the `deletehidden` parameter. An attacker can exploit this by crafting a malicious request that includes a path traversal sequence (e.g., `../../`) within the `deletehidden` parameter value.…
-
Overview: CVE-2025-66250 describes a critical unauthenticated arbitrary file upload vulnerability found in DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. This vulnerability allows a remote attacker to upload arbitrary files to the affected device without authentication. This could lead to severe consequences, including remote code execution and complete system compromise.
Technical Details: The vulnerability resides in the /var/tdf/status_contents.php script. The lack of authentication and input validation in this script allows an attacker to upload any type of file to the server. Exploitation is likely straightforward, involving a simple…
-
Overview: A critical security vulnerability, identified as CVE-2025-64657, has been discovered in Microsoft Azure Application Gateway. This vulnerability is a stack-based buffer overflow that allows an unauthorized attacker to potentially elevate privileges across the network. Given its critical severity, immediate action is highly recommended to mitigate the risk.
Technical Details: CVE-2025-64657 stems from a flaw in how Azure Application Gateway handles specific input within its request processing routines. A specially crafted request, exceeding the buffer’s capacity, can overwrite adjacent memory locations on the stack. This can be leveraged by an attacker to inject and execute arbitrary code with elevated privileges…
-
Overview: CVE-2025-64656 is a critical security vulnerability affecting Application Gateway. This vulnerability is an out-of-bounds read which, if exploited, allows an unauthorized attacker to elevate privileges within the network where the vulnerable Application Gateway is deployed. Given the potential for significant impact, prompt action is required to mitigate this risk.
Technical Details: The vulnerability stems from insufficient bounds checking when processing specific types of network traffic within the Application Gateway. An attacker can craft a malicious packet that, when processed by the gateway, causes it to read memory beyond the allocated buffer. This out-of-bounds read can leak sensitive information, potentially…
-
Overview: CVE-2025-66019 describes a memory exhaustion vulnerability affecting pypdf, a popular Python library for PDF manipulation. Prior to version 6.4.0, a specially crafted PDF file could trigger excessive memory usage when parsing its content stream using the LZWDecode filter. This vulnerability could lead to denial-of-service (DoS) conditions if exploited.
Technical Details: The vulnerability lies within the LZWDecode filter implementation within pypdf. An attacker can create a PDF document with a malicious content stream that, when processed by pypdf versions before 6.4.0, leads to the allocation of up to 1GB of memory per stream. This occurs during the decompression process of…
-
Overview: CVE-2025-65963 is a medium severity vulnerability affecting the CFiles module in HumHub, a free social network software. Specifically, it impacts versions prior to 0.16.11 and 0.17.2. This vulnerability allows non-member users to create new folders and upload files as a ZIP archive in public spaces due to insufficient authorization checks. Private spaces are not affected.
Technical Details: The root cause of this vulnerability lies in the inadequate authorization mechanisms within the CFiles module. When handling requests to create folders or upload files in public spaces, the system fails to properly verify if the user making the request is a…