PT-2025-48103 · Db Elettronica Telecomunicazioni Spa · Mozart Fm Transmitter
Abdul Mhanni
·
Published
2025-11-26
·
Updated
2025-12-24
·
CVE-2025-66251
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000
Description
An unauthenticated path traversal issue exists that allows for arbitrary file deletion. The
deletehidden parameter enables path traversal, permitting the deletion of arbitrary .tgz files.Recommendations
Versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 should be updated to a secure version. As a temporary workaround, restrict access to the
deletehidden parameter.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mozart Fm Transmitter