Overview CVE-2025-66258 describes a Stored Cross-Site Scripting (XSS) vulnerability affecting DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 are susceptible. This vulnerability allows an attacker to inject malicious JavaScript code into the system, potentially leading to unauthorized actions, data theft, or service disruption. Technical Details The vulnerability stems from improper handling of filenames within the patchlist.xml file. User-controlled filenames are directly concatenated into this XML file without adequate encoding or sanitization. An attacker can exploit this by crafting filenames containing malicious JavaScript payloads (e.g., <img src=x onerror=alert()>.bin). When…

Overview CVE-2025-66257 describes a critical security vulnerability affecting DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 are susceptible to an unauthenticated arbitrary file deletion vulnerability. This allows a remote attacker to delete arbitrary files on the device without requiring any authentication. Technical Details The vulnerability resides in the `patch_contents.php` script. The `deletepatch` parameter within this script is not properly sanitized and lacks access control checks. This means that a malicious actor can craft a request containing a path to a file within the `/var/www/patch/` directory and have…

Overview CVE-2025-66256 is a critical security vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. This vulnerability allows an unauthenticated attacker to upload arbitrary files to the system, potentially leading to remote code execution, system compromise, and other severe consequences. Technical Details The vulnerability resides in the /var/tdf/patch_contents.php endpoint. This endpoint lacks proper authentication and authorization mechanisms, allowing anyone with network access to the device to upload files. Furthermore, the endpoint does not implement adequate file type validation, MIME type checking, or file size restrictions (beyond a…

Overview CVE-2025-66255 details a critical security vulnerability affecting DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 are susceptible to an unauthenticated arbitrary file upload vulnerability. This flaw resides in the `upgrade_contents.php` endpoint and allows attackers to upload malicious firmware packages, potentially leading to remote code execution. Technical Details The vulnerability stems from a lack of proper validation within the `upgrade_contents.php` endpoint. The endpoint does not enforce crucial security checks, including: Missing Signature Validation: Firmware packages are not verified for cryptographic signatures, allowing attackers to tamper with the…

Overview CVE-2025-66254 identifies a critical unauthenticated arbitrary file deletion vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. This vulnerability allows attackers to delete arbitrary files on the system without requiring any authentication. This poses a significant risk to the integrity and availability of the affected devices. Technical Details The vulnerability lies in the upgrade_contents.php script located at /var/www/upgrade_contents.php. The deleteupgrade parameter is used to specify the file to be deleted. However, the script lacks proper authentication and input sanitization, allowing an attacker to manipulate the deleteupgrade…

Overview CVE-2025-66253 describes a critical unauthenticated OS command injection vulnerability affecting multiple versions of DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 are vulnerable. The vulnerability resides in the `start_upgrade.php` file, which allows an attacker to execute arbitrary operating system commands without authentication. Technical Details The vulnerability stems from the fact that user input passed to the `$_GET[“filename”]` parameter within the `/var/tdf/start_upgrade.php` endpoint is directly passed into the `exec()` function without proper sanitization or shell escaping. This allows an attacker to inject arbitrary shell commands by using…

Overview CVE-2025-66252 describes a Denial of Service (DoS) vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. This vulnerability arises from an infinite loop triggered by a failed file deletion attempt within the status_contents.php script. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 are affected. Technical Details The vulnerability lies in the way the Mozart FM Transmitter’s software handles file deletion. The status_contents.php script contains a while loop that attempts to delete a file using the unlink() function. If the unlink() operation fails (for example, due to insufficient permissions or if the file is immutable),…

Overview CVE-2025-66251 describes a critical vulnerability affecting DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitters (versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000). This vulnerability allows an unauthenticated attacker to perform arbitrary file deletion due to a path traversal issue associated with the `deletehidden` parameter. Specifically, an attacker can manipulate this parameter to delete arbitrary `.tgz` files on the system. Technical Details The vulnerability stems from insufficient input validation when handling the `deletehidden` parameter. An attacker can exploit this by crafting a malicious request that includes a path traversal sequence (e.g., `../../`) within the `deletehidden` parameter value.…

Overview CVE-2025-66250 describes a critical unauthenticated arbitrary file upload vulnerability found in DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. This vulnerability allows a remote attacker to upload arbitrary files to the affected device without authentication. This could lead to severe consequences, including remote code execution and complete system compromise. Technical Details The vulnerability resides in the /var/tdf/status_contents.php script. The lack of authentication and input validation in this script allows an attacker to upload any type of file to the server. Exploitation is likely straightforward, involving a simple…

Overview A critical security vulnerability, identified as CVE-2025-64657, has been discovered in Microsoft Azure Application Gateway. This vulnerability is a stack-based buffer overflow that allows an unauthorized attacker to potentially elevate privileges across the network. Given its critical severity, immediate action is highly recommended to mitigate the risk. Technical Details CVE-2025-64657 stems from a flaw in how Azure Application Gateway handles specific input within its request processing routines. A specially crafted request, exceeding the buffer’s capacity, can overwrite adjacent memory locations on the stack. This can be leveraged by an attacker to inject and execute arbitrary code with elevated privileges…