CVE-2025-66263
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-03
Assigner: Gridware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dbbroadcast | mozart_next_3000_firmware | * |
| dbbroadcast | mozart_next_3000 | * |
| dbbroadcast | mozart_next_3500_firmware | * |
| dbbroadcast | mozart_next_3500 | * |
| dbbroadcast | mozart_next_50_firmware | * |
| dbbroadcast | mozart_next_50 | * |
| dbbroadcast | mozart_next_500_firmware | * |
| dbbroadcast | mozart_next_500 | * |
| dbbroadcast | mozart_next_6000_firmware | * |
| dbbroadcast | mozart_next_6000 | * |
| dbbroadcast | mozart_next_7000_firmware | * |
| dbbroadcast | mozart_next_7000 | * |
| dbbroadcast | mozart_next_100_firmware | * |
| dbbroadcast | mozart_next_100 | * |
| dbbroadcast | mozart_next_1000_firmware | * |
| dbbroadcast | mozart_next_1000 | * |
| dbbroadcast | mozart_next_2000_firmware | * |
| dbbroadcast | mozart_next_2000 | * |
| dbbroadcast | mozart_next_30_firmware | * |
| dbbroadcast | mozart_next_30 | * |
| dbbroadcast | mozart_next_300_firmware | * |
| dbbroadcast | mozart_next_300 | * |
| dbbroadcast | mozart_dds_next_30_firmware | * |
| dbbroadcast | mozart_dds_next_30 | * |
| dbbroadcast | mozart_dds_next_50_firmware | * |
| dbbroadcast | mozart_dds_next_50 | * |
| dbbroadcast | mozart_dds_next_100_firmware | * |
| dbbroadcast | mozart_dds_next_100 | * |
| dbbroadcast | mozart_dds_next_300_firmware | * |
| dbbroadcast | mozart_dds_next_300 | * |
| dbbroadcast | mozart_dds_next_500_firmware | * |
| dbbroadcast | mozart_dds_next_500 | * |
| dbbroadcast | mozart_dds_next_1000_firmware | * |
| dbbroadcast | mozart_dds_next_1000 | * |
| dbbroadcast | mozart_dds_next_2000_firmware | * |
| dbbroadcast | mozart_dds_next_2000 | * |
| dbbroadcast | mozart_dds_next_3000_firmware | * |
| dbbroadcast | mozart_dds_next_3000 | * |
| dbbroadcast | mozart_dds_next_3500_firmware | * |
| dbbroadcast | mozart_dds_next_3500 | * |
| dbbroadcast | mozart_dds_next_6000_firmware | * |
| dbbroadcast | mozart_dds_next_6000 | * |
| dbbroadcast | mozart_dds_next_7000_firmware | * |
| dbbroadcast | mozart_dds_next_7000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-158 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated arbitrary file read in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000. It occurs because the application uses a PHP script (download_setting.php) that concatenates a user-supplied filename parameter with a forced .tgz extension. Due to the PHP version (5.3.2) being vulnerable to null byte injection, an attacker can insert a null byte (%00) in the filename parameter to terminate the string early, bypassing the .tgz extension restriction. This allows the attacker to read any file on the server that the web server user can access, without authentication.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to read arbitrary files on the server without authentication. This could lead to disclosure of sensitive information such as configuration files, credentials, or other private data stored on the server. Such unauthorized access can compromise the confidentiality of the system and potentially facilitate further attacks.