PT-2025-48109 · Db Elettronica Telecomunicazioni Spa · Mozart Fm Transmitter
Abdul Mhanni
·
Published
2025-11-26
·
Updated
2025-12-24
·
CVE-2025-66257
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:N |
Name of the Vulnerable Software and Affected Versions
Mozart FM Transmitter versions 30 through 7000
Description
The software contains a flaw that allows for unauthenticated deletion of arbitrary files. Specifically, the
deletepatch parameter within the patch contents.php file permits the deletion of any file in the /var/www/patch/ directory without proper authorization or input validation. This could allow an attacker to remove critical system files.Recommendations
Versions 30 through 7000 should be updated when a patch becomes available from DB Electronica Telecomunicazioni S.p.A. As a temporary workaround, restrict access to the
patch contents.php file.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mozart Fm Transmitter