CVE-2025-66251CRITICAL 9.1EPSS p32.6%

CVE-2025-66251CVE-2025-66251

Description

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz files.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS0.41% probability of exploitation · percentile 32.6% · 2026-06-18T12:00:27Z
Published2025-11-26
Last modified2025-12-03

Underlying weaknesses· 1

CWE-22

References

  1. https://www.abdulmhsblog.com/posts/webfmvulns/

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-66257
CVE
CVE-2025-66254
CVE
CVE-2025-66262
CVE
CVE-2025-66259
CVE
CVE-2025-66253
CVE
CVE-2025-66250
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.