Unrated severityNVD Advisory· Published Nov 26, 2025· Updated Dec 3, 2025
Unauthenticated Arbitrary File Deletion (upgrade_contents.php)
CVE-2025-66254
Description
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files.
The deleteupgrade parameter in /var/www/upgrade_contents.php allows unauthenticated deletion of arbitrary files in /var/www/upload/ without any extension restriction or path sanitization, enabling attackers to remove critical system files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000+ 1 more
- (no CPE)range: versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000
- (no CPE)range: 30
Patches
Vulnerability mechanics
References
1- www.abdulmhsblog.com/posts/webfmvulns/mitreexploittechnical-description
News mentions
0No linked articles in our index yet.