CVE-2025-66257

Опубликовано: 26 нояб. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The deletepatch parameter in patch_contents.php allows unauthenticated deletion of arbitrary files in /var/www/patch/ directory without sanitization or access control checks.

Ссылки

https://www.abdulmhsblog.com/posts/webfmvulns/
Exploit
Third Party Advisory
https://www.abdulmhsblog.com/posts/webfmvulns/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_100:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_1000:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_2000:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_30:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_300:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_3000:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_3500:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_50:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_500:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_6000:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_7000:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:*:*:*:*:*:*:*

Конфигурация 16

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:*:*:*:*:*:*:*

Конфигурация 17

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:*:*:*:*:*:*:*

Конфигурация 18

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:*:*:*:*:*:*:*

Конфигурация 19

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:*:*:*:*:*:*:*

Конфигурация 20

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:*:*:*:*:*:*:*

Конфигурация 21

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:*:*:*:*:*:*:*

Конфигурация 22

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00119

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-73

Связанные уязвимости

GHSA-g8rh-w59p-62h4

CVSS3: 9.1

github

2 месяца назад

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/patch/` directory without sanitization or access control checks.

EPSS

Процентиль: 32%

0.00119

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-73