CVE-2025-66261

Unauthenticated OS Command Injection (restore_settings.php)

Description

Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec() allows remote code execution. The `/var/tdf/restore_settings.php` endpoint passes user-controlled `$_GET["name"]` parameter through `urldecode()` directly into `exec()` without validation or escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, `&&`, etc.) to achieve unauthenticated remote code execution as the web server user.

INFO

Published Date :

2025-11-26T00:49:38.259Z

Last Modified :

2025-11-26T15:00:02.948Z

Source :

Gridware

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66261 vulnerability.

Vendors	Products
Dbbroadcast	Mozart Dds Next 100 Mozart Dds Next 1000 Mozart Dds Next 1000 Firmware Mozart Dds Next 100 Firmware Mozart Dds Next 2000 Mozart Dds Next 2000 Firmware Mozart Dds Next 30 Mozart Dds Next 300 Mozart Dds Next 3000 Mozart Dds Next 3000 Firmware Mozart Dds Next 300 Firmware Mozart Dds Next 30 Firmware Mozart Dds Next 3500 Mozart Dds Next 3500 Firmware Mozart Dds Next 50 Mozart Dds Next 500 Mozart Dds Next 500 Firmware Mozart Dds Next 50 Firmware Mozart Dds Next 6000 Mozart Dds Next 6000 Firmware Mozart Dds Next 7000 Mozart Dds Next 7000 Firmware Mozart Fm Transmitter Mozart Next 100 Mozart Next 1000 Mozart Next 1000 Firmware Mozart Next 100 Firmware Mozart Next 2000 Mozart Next 2000 Firmware Mozart Next 30 Mozart Next 300 Mozart Next 3000 Mozart Next 3000 Firmware Mozart Next 300 Firmware Mozart Next 30 Firmware Mozart Next 3500 Mozart Next 3500 Firmware Mozart Next 50 Mozart Next 500 Mozart Next 500 Firmware Mozart Next 50 Firmware Mozart Next 6000 Mozart Next 6000 Firmware Mozart Next 7000 Mozart Next 7000 Firmware

Vendors

Products

Dbbroadcast

Mozart Dds Next 100
Mozart Dds Next 1000
Mozart Dds Next 1000 Firmware
Mozart Dds Next 100 Firmware
Mozart Dds Next 2000
Mozart Dds Next 2000 Firmware
Mozart Dds Next 30
Mozart Dds Next 300
Mozart Dds Next 3000
Mozart Dds Next 3000 Firmware
Mozart Dds Next 300 Firmware
Mozart Dds Next 30 Firmware
Mozart Dds Next 3500
Mozart Dds Next 3500 Firmware
Mozart Dds Next 50
Mozart Dds Next 500
Mozart Dds Next 500 Firmware
Mozart Dds Next 50 Firmware
Mozart Dds Next 6000
Mozart Dds Next 6000 Firmware
Mozart Dds Next 7000
Mozart Dds Next 7000 Firmware
Mozart Fm Transmitter
Mozart Next 100
Mozart Next 1000
Mozart Next 1000 Firmware
Mozart Next 100 Firmware
Mozart Next 2000
Mozart Next 2000 Firmware
Mozart Next 30
Mozart Next 300
Mozart Next 3000
Mozart Next 3000 Firmware
Mozart Next 300 Firmware
Mozart Next 30 Firmware
Mozart Next 3500
Mozart Next 3500 Firmware
Mozart Next 50
Mozart Next 500
Mozart Next 500 Firmware
Mozart Next 50 Firmware
Mozart Next 6000
Mozart Next 6000 Firmware
Mozart Next 7000
Mozart Next 7000 Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66261.

URL	Resource
https://www.abdulmhsblog.com/posts/webfmvulns/

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact