CVE-2025-28237 is a high-severity vulnerability identified in WorldCast Systems ECRESO FM/DAB/TV Transmitter version 1.10.1. This vulnerability allows an authenticated attacker to escalate privileges by sending a specially crafted JSON payload to the affected system. The issue is classified under CWE-269, which pertains to improper privilege management. The vulnerability's CVSS v3.1 score is 8.8, indicating a high impact on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and only low privileges (PR:L) to exploit, with no user interaction needed (UI:N). The scope remains unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means that once exploited, an attacker with limited privileges can gain elevated rights, potentially full administrative control over the transmitter device. The ECRESO transmitters are specialized broadcast equipment used for FM, DAB, and TV transmissions, which are critical infrastructure components in the media and communications sector. No known exploits are currently reported in the wild, and no patches have been publicly released yet. The vulnerability was reserved in March 2025 and published in April 2025, indicating recent discovery and disclosure. The lack of vendor and product details beyond the device name suggests limited public information, but the technical nature of the device implies a niche but critical target. The vulnerability could allow attackers to manipulate broadcast signals, disrupt transmission services, or gain persistent access to the device for further network intrusion.

For European organizations, particularly broadcasters and media companies relying on WorldCast Systems ECRESO transmitters, this vulnerability poses a significant risk. Exploitation could lead to unauthorized control over broadcast transmissions, resulting in service disruption, misinformation dissemination, or denial of service to the public. Given the critical role of broadcast infrastructure in public communication, emergency alerts, and media distribution, such an attack could have wide-reaching consequences including reputational damage, regulatory penalties, and public safety risks. Additionally, attackers gaining elevated privileges could pivot into broader network environments, threatening other connected systems. The impact extends beyond individual organizations to national communication infrastructures, especially in countries with extensive use of ECRESO transmitters. The high confidentiality impact also raises concerns about potential interception or manipulation of broadcast content, which could be exploited for disinformation campaigns or espionage.

1. Immediate mitigation should focus on restricting access to the management interfaces of ECRESO transmitters to trusted networks only, using network segmentation and strict firewall rules. 2. Implement strong authentication mechanisms and monitor for unusual authentication attempts or privilege escalations. 3. Deploy intrusion detection systems (IDS) or anomaly detection tailored to broadcast device protocols to identify suspicious JSON payloads or commands. 4. Coordinate with WorldCast Systems for timely patch releases and apply updates as soon as they become available. 5. Conduct regular audits of device configurations and privilege assignments to ensure least privilege principles are enforced. 6. Establish incident response plans specific to broadcast infrastructure to quickly isolate and remediate compromised devices. 7. Consider deploying compensating controls such as application-layer gateways or proxies that can validate and sanitize JSON payloads before they reach the transmitter. 8. Engage with national cybersecurity agencies for threat intelligence sharing and coordinated defense efforts given the critical infrastructure nature of the devices.