CVE-2025-66251 is a path traversal vulnerability classified under CWE-22, discovered in the Mozart FM Transmitter devices produced by DB Electronica Telecomunicazioni S.p.A. This vulnerability affects a broad range of product versions (30 through 7000). The core issue lies in the improper validation of the 'deletehidden' parameter, which an unauthenticated attacker can manipulate to traverse directories and delete arbitrary .tgz files on the device's filesystem. Since .tgz files often contain compressed archives, their deletion could disrupt system functionality or configuration, potentially causing device malfunction or denial of service. The vulnerability is remotely exploitable over the network without any authentication or user interaction, making it highly accessible to attackers. The CVSS 4.0 score is 7.7 (high), reflecting the ease of exploitation and significant impact on system integrity and availability. The scope is high because the vulnerability affects multiple versions and potentially many deployed devices. No patches or mitigations have been officially released yet, and no known exploits have been observed in the wild. The vulnerability does not impact confidentiality directly but severely affects integrity and availability by enabling arbitrary file deletion. The lack of authentication and user interaction requirements increases the risk of exploitation, especially in exposed network environments.

For European organizations, especially broadcasters and telecommunications providers using Mozart FM Transmitters, this vulnerability poses a significant risk of service disruption. Arbitrary deletion of .tgz files could lead to loss of critical configuration data, software components, or backups, resulting in device malfunction or complete outage. This can degrade broadcast services, impacting communication reliability and potentially causing regulatory and reputational damage. The unauthenticated nature of the exploit means attackers can launch attacks remotely without insider access, increasing the threat surface. Given the strategic importance of radio and FM transmission infrastructure in emergency communications and public information dissemination, exploitation could have broader societal impacts. Additionally, cascading failures in interconnected systems relying on these transmitters could amplify operational disruptions. Organizations may face increased incident response costs and downtime, and in some cases, compliance issues if critical infrastructure is compromised.

1. Immediately restrict network access to the management interfaces of Mozart FM Transmitters, ensuring they are not exposed to untrusted networks or the internet. 2. Implement strict firewall rules and network segmentation to isolate these devices from general IT networks. 3. Monitor network traffic for unusual requests targeting the 'deletehidden' parameter or suspicious file deletion attempts. 4. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. 5. Regularly back up device configurations and critical files externally to enable recovery if deletion occurs. 6. Engage with DB Electronica Telecomunicazioni S.p.A. for official patches or firmware updates and apply them promptly once available. 7. Conduct security audits and penetration testing focused on path traversal and file manipulation vulnerabilities in the affected devices. 8. Educate operational staff on the risks and signs of exploitation to ensure rapid incident detection and response. 9. Consider deploying application-layer gateways or proxies that can sanitize and validate incoming requests to the transmitter devices.