24h | 7d | 30d

CVE-2023-48733

Overview

  • Canonical Ltd.
  • Ubuntu EDK II
  • edk2
14 Feb 2024
Published
08 May 2025
Updated
CVSS v3.1
MEDIUM (6.7)
EPSS
0.01%
KEV

Description

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Not the most confidence-inspiring CVE description.

cve.org/CVERecord?id=CVE-2025-

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

  • 2
  • 1
  • 0
  • 1h ago

CVE-2025-2486

Overview

  • Ubuntu
  • edk2
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
LOW (3.7)
EPSS
Pending
KEV

Description

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Not the most confidence-inspiring CVE description.

cve.org/CVERecord?id=CVE-2025-

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

  • 2
  • 1
  • 0
  • 1h ago

CVE-2025-66256

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
0.04%
KEV

Description

Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_contents.php allows uploading malicious files. The `/var/tdf/patch_contents.php` endpoint allows unauthenticated arbitrary file uploads without file type validation, MIME checking, or size restrictions beyond 16MB, enabling attackers to upload malicious files.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66258

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (7.1)
EPSS
0.05%
KEV

Description

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames are directly concatenated into `patchlist.xml` without encoding, allowing injection of malicious JavaScript payloads via crafted filenames (e.g., `<img src=x onerror=alert()>.bin`). The XSS executes when ajax.js processes and renders the XML file.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66253

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
0.93%
KEV

Description

Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php. The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET["filename"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, etc.) to achieve remote code execution as the web server user (likely root).

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66251

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.17%
KEV

Description

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz files.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66252

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (8.4)
EPSS
0.04%
KEV

Description

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66254

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (7.8)
EPSS
0.07%
KEV

Description

Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files.  The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, enabling attackers to remove critical system files.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66255

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
0.10%
KEV

Description

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.  The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago

CVE-2025-66260

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (7.2)
EPSS
0.03%
KEV

Description

PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations prevent stacked queries, attackers can inject subqueries for data exfiltration and leverage verbose error messages for reconnaissance.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 3h ago
Showing 31 to 40 of 41 CVEs