CVE-2025-66257
9.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:N
Summary
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files.
The deletepatch parameter in patch_contents.php allows unauthenticated deletion of arbitrary files in /var/www/patch/ directory without sanitization or access control checks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 30 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 50 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 100 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 300 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 500 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 1000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 2000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 3000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 3500 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 6000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 7000 | affected |
Weaknesses
- CWE-73: CWE-73 Unauthenticated Arbitrary File Deletion (patch_contents.php)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.