CVE-2025-66262
Published 2025-11-26
CVE-2025-66262: Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500…
Priority: P264; Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.25% (65.6th percentile)
Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to trigger tar extraction with `-C /`, enabling arbitrary file overwrite via a crafted archive.
The `restore_mozzi_memories.sh` script extracts user-controlled tar archives with `-C /` flag, depositing contents to the filesystem root without path validation. When combined with the unauthenticated file upload vulnerabilities (CVE-01, CVE-06, CVE-07), attackers can craft malicious .tgz archives containing path-traversed filenames (e.g., `etc/shadow`, `var/www/index.php`) to overwrite critical system files in writable directories, achieving full system compromise.
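A hardened restore routine of the kind the description calls for, added here as an example and not the vendor's `restore_mozzi_memories.sh`: it lists the archive before writing anything, rejects absolute or `..` member names and link entries, and extracts into a staging directory instead of `/`. It assumes GNU tar and gzip; the fixture archives it builds (`make_fixtures`) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the vendor's restore_mozzi_memories.sh. Assumes GNU tar
# and gzip; the fixture archives built below are constructed for the demo.

# Return 0 if every member name is a plain relative path and no entry is a
# symlink or hard link; return 1 (with a reason on stderr) otherwise.
tar_members_are_safe() {
    archive="$1"
    # -P lists stored names verbatim, so a leading '/' or '../' stays visible.
    names=$(tar -tzPf "$archive") || return 1
    while IFS= read -r m; do
        case "$m" in
            /*|..|../*|*/..|*/../*) printf 'reject path: %s\n' "$m" >&2; return 1 ;;
        esac
    done <<EOF
$names
EOF
    # First column of a verbose listing is the entry type (l = symlink,
    # h = hard link); a later member could write through either to a path
    # outside the destination, so both are refused.
    verbose=$(tar -tvzPf "$archive") || return 1
    while IFS= read -r line; do
        case "$line" in
            l*|h*) printf 'reject link entry: %s\n' "$line" >&2; return 1 ;;
        esac
    done <<EOF
$verbose
EOF
}

# Validate, then restore into a dedicated directory; nothing is relative to /.
safe_restore() {
    archive="$1"; dest="$2"
    tar_members_are_safe "$archive" || return 1
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Constructed fixtures: a benign archive whose only member is the relative
# name 'etc/shadow' (harmless once it lands under a staging directory), one
# with an absolute member name, and one whose member is a symlink to /.
make_fixtures() {
    root="$1"
    mkdir -p "$root/src/etc" "$root/links"
    printf 'placeholder, not a real shadow file\n' > "$root/src/etc/shadow"
    tar -czf "$root/benign.tgz" -C "$root/src" etc/shadow
    tar -czPf "$root/absolute.tgz" "$root/src/etc/shadow"
    ln -s / "$root/links/escape"
    tar -czf "$root/symlink.tgz" -C "$root/links" escape
}
```

With the benign fixture, `safe_restore` lands the member at `<staging dir>/etc/shadow`, which is the whole point of never passing `-C /`.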
Affected (11 ranges; the record gives no version bounds or fixed-in versions for any of them)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| db_electronica_telecomunicazioni_s.p.a | mozart_fm_transmitter | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.