
CVE-2025-66259: CWE-20 Improper Input Validation in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter

Severity: Critical
Tags: Vulnerability, CVE-2025-66259, cve, cve-2025-66259, cwe-20
Published: Wed Nov 26 2025 (11/26/2025, 00:46:51 UTC)
Source: CVE Database V5
Vendor/Project: DB Electronica Telecomunicazioni S.p.A.
Product: Mozart FM Transmitter

Description

Authenticated root remote code execution via improper user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000: in main_ok.php, user-supplied data/hour/time is passed directly into a date shell command.

AI-Powered Analysis

Last updated: 11/26/2025, 01:31:41 UTC

Technical Analysis

CVE-2025-66259 is a critical remote code execution vulnerability in the Mozart FM Transmitter product line by DB Electronica Telecomunicazioni S.p.A., affecting versions 30 through 7000. The root cause is improper input validation (CWE-20) in the main_ok.php script, where user-supplied date/time parameters (hour/time) are passed directly into a shell command without sanitization. This allows an authenticated attacker with root privileges to inject arbitrary shell commands, leading to remote code execution. Exploitation requires no user interaction and is possible over the network (AV:N) with low attack complexity (AC:L); the privileges-required metric is high (PR:H). The CVSS 4.0 metrics cited indicate high impact on confidentiality and integrity (VC:H, VI:H), with availability given as VA:N, and a high confidentiality impact on subsequent systems (SC:H; CVSS 4.0 has no scope metric). Although no public exploits are known yet, the vulnerability's nature and severity make it a critical risk. The flaw affects a broad range of product versions, indicating a long-standing issue possibly present in many deployed devices. The vulnerability could allow attackers to take full control of the transmitter devices, potentially disrupting broadcast services or using the devices as pivot points for further network compromise.

Potential Impact

For European organizations, especially broadcasters and telecom operators using Mozart FM Transmitters, this vulnerability could lead to severe operational disruptions by enabling attackers to execute arbitrary commands remotely with root privileges. This could result in unauthorized control over transmission equipment, manipulation or interruption of broadcast signals, and potential data breaches if the devices are connected to broader network infrastructure. The compromise of such critical infrastructure could affect public communication channels, emergency broadcast systems, and commercial media services. Additionally, attackers could leverage compromised devices to launch lateral attacks within organizational networks, increasing the risk of widespread impact. The high severity and ease of exploitation elevate the threat level, necessitating urgent attention to prevent service outages and reputational damage.

Mitigation Recommendations

Immediate mitigation should focus on restricting root-level access to the affected devices, ensuring that only trusted administrators can authenticate. Organizations should implement network segmentation to isolate transmitter devices from general IT infrastructure, reducing attack surface exposure. Input validation controls must be enhanced in the main_ok.php script to sanitize all user-supplied parameters before passing them to shell commands, ideally replacing shell calls with safer APIs. Until patches are released, monitoring logs for unusual command executions or access patterns is critical to detect exploitation attempts early. Employing application-level firewalls or intrusion detection systems tailored to recognize exploitation signatures can provide additional protection. Organizations should engage with DB Electronica Telecomunicazioni for timely patches and updates and plan for rapid deployment. Regular backups and incident response readiness will help mitigate potential damage if exploitation occurs.
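The input-validation fix recommended above, sketched as an added example (not DB Electronica's code and not taken from the device firmware). The field names `date` and `time`, the `/bin/date` path and a PHP 7.4+ runtime are assumptions; the real main_ok.php parameters are not given on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical field names: the real main_ok.php parameters are not on the page.
const FIELD_PATTERNS = [
    'date' => '/\A\d{4}-\d{2}-\d{2}\z/',
    'time' => '/\A\d{2}:\d{2}(:\d{2})?\z/',
];

// Returns canonical "YYYY-MM-DD HH:MM:SS", or null when any field is rejected.
function parse_clock_input(array $in): ?string
{
    foreach (FIELD_PATTERNS as $name => $re) {
        $v = $in[$name] ?? null;
        if (!is_string($v) || preg_match($re, $v) !== 1) {
            return null; // missing, array-valued, or not strictly digits and separators
        }
    }
    $time = strlen($in['time']) === 5 ? $in['time'] . ':00' : $in['time'];
    $text = $in['date'] . ' ' . $time;
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d H:i:s', $text);
    // Round-trip comparison rejects values PHP would silently roll over (Feb 30, hour 25).
    if ($dt === false || $dt->format('Y-m-d H:i:s') !== $text) {
        return null;
    }
    return $text;
}

// Sets the clock without a shell: the array form of proc_open() (PHP >= 7.4)
// executes the binary directly, so no character in $canonical is interpreted.
// Not called below, because changing the clock requires root.
function set_system_clock(string $canonical): bool
{
    $null = ['file', '/dev/null', 'w'];
    $proc = proc_open(['/bin/date', '-s', $canonical], [1 => $null, 2 => $null], $pipes);
    return is_resource($proc) && proc_close($proc) === 0;
}

// Constructed samples: a valid value, an impossible calendar date,
// and a value carrying a trailing shell metacharacter.
$samples = [
    ['date' => '2025-11-26', 'time' => '08:58'],
    ['date' => '2025-02-30', 'time' => '08:58'],
    ['date' => '2025-11-26;', 'time' => '08:58'],
];
foreach ($samples as $s) {
    var_dump(parse_clock_input($s));
}
```

On a runtime older than PHP 7.4, where the array form of `proc_open()` is unavailable, the already validated string should still be wrapped in `escapeshellarg()` before it reaches any shell call.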


Technical Details

Data Version: 5.2
Assigner Short Name: Gridware
Date Reserved: 2025-11-26T00:21:33.791Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 692654b3ca41832e1e5d9fad

Added to database: 11/26/2025, 1:15:31 AM

Last enriched: 11/26/2025, 1:31:41 AM

Last updated: 11/26/2025, 8:58:07 AM
