1. Home
  2. CVE Database
  3. CVE-2025-66254
CRITICAL · 9.1

CVE-2025-66254

Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allow...

Vulnerability Description

Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files.  The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, enabling attackers to remove critical system files.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DbbroadcastMozart Next 100 Firmware-
DbbroadcastMozart Next 100-
DbbroadcastMozart Next 1000 Firmware-
DbbroadcastMozart Next 1000-
DbbroadcastMozart Next 2000 Firmware-
DbbroadcastMozart Next 2000-
DbbroadcastMozart Next 30 Firmware-
DbbroadcastMozart Next 30-
DbbroadcastMozart Next 300 Firmware-
DbbroadcastMozart Next 300-
DbbroadcastMozart Next 3000 Firmware-
DbbroadcastMozart Next 3000-
DbbroadcastMozart Next 3500 Firmware-
DbbroadcastMozart Next 3500-
DbbroadcastMozart Next 50 Firmware-
DbbroadcastMozart Next 50-
DbbroadcastMozart Next 500 Firmware-
DbbroadcastMozart Next 500-
DbbroadcastMozart Next 6000 Firmware-
DbbroadcastMozart Next 6000-

Related Weaknesses (CWE)

CWE-73

References

FAQ

What is CVE-2025-66254?

CVE-2025-66254 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allow...

How severe is CVE-2025-66254?

CVE-2025-66254 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-66254?

Check the references section above for vendor advisories and patch information. Affected products include: Dbbroadcast Mozart Next 100 Firmware, Dbbroadcast Mozart Next 100, Dbbroadcast Mozart Next 1000 Firmware, Dbbroadcast Mozart Next 1000, Dbbroadcast Mozart Next 2000 Firmware.