Authenticated Root Remote Code Execution via improrer... · CVE-2025-66259 · GitHub Advisory Database · GitHub

Authenticated Root Remote Code Execution via improrer...

Critical severity Unreviewed Published Nov 26, 2025 to the GitHub Advisory Database • Updated Dec 3, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in main_ok.php user supplied data/hour/time is passed directly into date shell command

References

Published by the National Vulnerability Database

Nov 26, 2025

Published to the GitHub Advisory Database Nov 26, 2025

Last updated Dec 3, 2025

Severity

Critical

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required High

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability None

Subsequent System Impact Metrics

Confidentiality High

Integrity High

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X