CVE-2025-66254 – Unauthenticated Arbitrary File Deletion (upgrade_contents.php)

CVE ID : CVE-2025-66254

Published : Nov. 26, 2025, 12:37 a.m. | 22 minutes ago

Description : Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files. 

The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, enabling attackers to remove critical system files.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66265 – Insecure permissions in configuration directory (C:\usr)

CVE-2025-66264 – Unquoted Service path in AutoStart SYSTEM privileged service

CVE-2025-66260 – PostgreSQL SQL Injection (status_sql.php)

CVE-2025-66259 – Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters