216.73.217.22

CVE-2025-66263

· Published 26/11/2025 01:16 · Modified 03/12/2025 16:52

Labels: CVE-2025-66263 2025-11-26CVE-2025-66263CWE-158b7efe717-a805-47cf-8e9a-921fca0ce0ce

Essential information

Published
26/11/2025 01:16
Modified
03/12/2025 16:52
Author
Creator
CVSS
8.9 HIGH (v3) 8.9 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files. The `/var/tdf/download_setting.php` endpoint constructs file paths by concatenating user-controlled `$_GET['filename']` with a forced `.tgz` extension. Running on PHP 5.3.2 (pre-5.3.4), the application is vulnerable to null byte injection (%00), allowing attackers to bypass the extension restriction and traverse paths. By requesting `filename=../../../../etc/passwd%00`, the underlying C functions treat the null byte as a string terminator, ignoring the appended `.tgz` and enabling unauthenticated arbitrary file disclosure of any file readable by the web server user.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
b7efe717-a805-47cf-8e9a-921fca0ce0ce
NVD
View on NVD

Affected products (CPE)

ProductCPE
dbbroadcast / mozart next 3000 firmware cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 3000 cpe:2.3:h:dbbroadcast:mozart_next_3000:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 3500 firmware cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 3500 cpe:2.3:h:dbbroadcast:mozart_next_3500:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 50 firmware cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 50 cpe:2.3:h:dbbroadcast:mozart_next_50:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 500 firmware cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 500 cpe:2.3:h:dbbroadcast:mozart_next_500:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 6000 firmware cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 6000 cpe:2.3:h:dbbroadcast:mozart_next_6000:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 7000 firmware cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 7000 cpe:2.3:h:dbbroadcast:mozart_next_7000:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 100 firmware cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 100 cpe:2.3:h:dbbroadcast:mozart_next_100:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 1000 firmware cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 1000 cpe:2.3:h:dbbroadcast:mozart_next_1000:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 2000 firmware cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 2000 cpe:2.3:h:dbbroadcast:mozart_next_2000:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 30 firmware cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 30 cpe:2.3:h:dbbroadcast:mozart_next_30:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 300 firmware cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart next 300 cpe:2.3:h:dbbroadcast:mozart_next_300:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 30 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 30 cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 50 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 50 cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 100 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 100 cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 300 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 300 cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 500 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 500 cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 1000 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 1000 cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 2000 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 2000 cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 3000 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 3000 cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 3500 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 3500 cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 6000 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 6000 cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 7000 firmware cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:*:*:*:*:*:*:*
dbbroadcast / mozart dds next 7000 cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:*:*:*:*:*:*:*

References