PT-2025-48108 · Db Elettronica Telecomunicazioni Spa · Mozart Fm Transmitter

Abdul Mhanni · Published 2025-11-26 · Updated 2025-12-24 · CVE-2025-66256

CVSS v4.0: 9.9 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000

Description

An unauthenticated arbitrary file upload issue exists in the /var/tdf/patch contents.php endpoint of the software. The endpoint lacks file type validation, MIME checking, and size restrictions beyond 16MB, allowing attackers to upload malicious files. The patch contents.php script is vulnerable to unrestricted file uploads.

Recommendations

Mozart FM Transmitter version 30 requires remediation.
Mozart FM Transmitter version 50 requires remediation.
Mozart FM Transmitter version 100 requires remediation.
Mozart FM Transmitter version 300 requires remediation.
Mozart FM Transmitter version 500 requires remediation.
Mozart FM Transmitter version 1000 requires remediation.
Mozart FM Transmitter version 2000 requires remediation.
Mozart FM Transmitter version 3000 requires remediation.
Mozart FM Transmitter version 3500 requires remediation.
Mozart FM Transmitter version 6000 requires remediation.
Mozart FM Transmitter version 7000 requires remediation.

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2025-66256

Affected Products: Mozart Fm Transmitter