Remote Code Execution Vulnerability in DB Electronica Mozart FM Transmitter
CVE-2025-66259

9.3CRITICAL

Key Information:

Vendor: Db Electronica Telecomunicazioni S.p.a.
Status: Mozart Fm Transmitter
Vendor: CVE Published:; 26 November 2025

🔔 Create Db Electronica Telecomunicazioni S.p.a. Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-66259?

A vulnerability in DB Electronica Telecomunicazioni S.p.A.'s Mozart FM Transmitter enables authenticated attackers to execute arbitrary commands on the server. This occurs due to improper user input validation in the main_ok.php script, where data related to user-supplied hour and time is directly passed to a date shell command. Such exploitation can lead to unauthorized access and potential system compromise.

Affected Version(s)

Mozart FM Transmitter 30

Mozart FM Transmitter 50

Mozart FM Transmitter 100

References

https://www.abdulmhsblog.com/posts/webfmvulns/

exploittechnical-description

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 26, 2025
👾
Exploit known to exist
Nov 26, 2025
Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Nov 26, 2025

Credit

Abdul Mhanni

JSON