cbcvebase.
CVE-2025-66257
published 2025-11-26

CVE-2025-66257: Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500…

PriorityP265critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
0.34%
25.3th percentile
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/patch/` directory without sanitization or access control checks.

Affected

11 ranges
VendorProductVersion rangeFixed in
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter
db_electronica_telecomunicazioni_s.p.amozart_fm_transmitter

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv4.09.2CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.