CVE-2025-66257 · CRITICAL 9.1 · EPSS p23.8%

Description

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in the `/var/www/patch/` directory, without sanitization or access control checks.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.8% · 2026-06-18T12:00:27Z
Published: 2025-11-26
Last modified: 2025-12-03

Underlying weaknesses · 1

CWE-73

References

  1. https://www.abdulmhsblog.com/posts/webfmvulns/

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | External Control of File Name or Path (cwe-73) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-66254
  2. CVE-2025-66251
  3. CVE-2025-66256
  4. CVE-2025-66253
  5. CVE-2025-66255
  6. CVE-2025-66262

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.