
CVE-2025-66251: CWE-22 Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter

Severity: High
Tags: cve, cve-2025-66251, cwe-22
Published: Wed Nov 26 2025 (11/26/2025, 00:32:26 UTC)
Source: CVE Database V5
Vendor/Project: DB Electronica Telecomunicazioni S.p.A.
Product: Mozart FM Transmitter

Description

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an unauthenticated attacker to perform path traversal via the deletehidden parameter and delete arbitrary .tgz files.

AI-Powered Analysis

Last updated: 11/26/2025, 01:46:58 UTC

Technical Analysis

CVE-2025-66251 is a path traversal vulnerability classified under CWE-22, affecting the Mozart FM Transmitter devices produced by DB Electronica Telecomunicazioni S.p.A. The vulnerability exists in multiple versions ranging from 30 up to 7000. It allows an unauthenticated attacker to manipulate the 'deletehidden' parameter to traverse directories and delete arbitrary .tgz files on the device. Since the vulnerability does not require any authentication or user interaction, it can be exploited remotely over the network. The deletion of .tgz files, which are typically archive files possibly containing firmware, configuration backups, or logs, can lead to significant disruption of the transmitter’s operation, potentially causing denial of service or loss of critical data integrity. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:N) indicates that the attack is network-based, requires low attack complexity and no privileges or user interaction, has a low impact on the vulnerable system's integrity and availability (VI:L/VA:L), and a high impact on the integrity of subsequent systems (SI:H). Although no exploits have been reported in the wild yet, the broad range of affected versions and the critical nature of the devices in broadcast infrastructure make this a serious threat. No official patches have been released at the time of publication, increasing the urgency for defensive measures.
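To make the CWE-22 pattern behind this advisory concrete, the following added example (not DB Electronica's code, and not derived from the device's firmware) models a delete handler that takes a user-supplied archive name such as the 'deletehidden' parameter. The first function shows the unsafe join that lets '../' segments walk out of the intended directory; the second shows a hardened handler that resolves the final path, requires it to stay inside the archive directory, and only removes regular .tgz files. The directory layout and file names are constructed for the example.

```python
"""Added example: path traversal in a file-deletion handler (CWE-22).

Models the vulnerability class described in the advisory in a generic way.
Nothing here is the vendor's code; the directory layout, parameter handling
and file names are constructed for illustration.
"""
import os
import tempfile
from pathlib import Path


def target_path_unsafe(archive_dir: str, name: str) -> str:
    """Vulnerable pattern: user input is joined onto the archive directory
    with no canonicalisation or containment check, so '..' segments in
    `name` select files outside archive_dir."""
    return os.path.normpath(os.path.join(archive_dir, name))


def delete_archive_safe(archive_dir: str, name: str) -> Path:
    """Hardened handler: resolve the final path (following symlinks), require
    that its parent is exactly the archive directory, require a .tgz suffix,
    and only unlink regular files. Anything else raises ValueError so the
    caller can log and reject the request."""
    base = Path(archive_dir).resolve()
    candidate = (base / name).resolve()
    if candidate.parent != base:  # blocks '..', absolute paths and subdirs
        raise ValueError("path outside archive directory")
    if candidate.suffix != ".tgz":
        raise ValueError("only .tgz archives may be deleted")
    if not candidate.is_file():
        raise ValueError("not a regular file")
    candidate.unlink()
    return candidate


def demo() -> dict:
    """Build a throwaway tree (constructed) and compare both handlers.
    Returns a dict of boolean outcomes so the behaviour can be checked."""
    root = Path(tempfile.mkdtemp())
    archives = root / "hidden"
    archives.mkdir()
    (archives / "backup.tgz").write_bytes(b"constructed archive")
    (root / "firmware.tgz").write_bytes(b"constructed archive")

    traversal = "../firmware.tgz"  # escapes the 'hidden' directory
    unsafe_target = Path(target_path_unsafe(str(archives), traversal)).resolve()
    unsafe_escapes = unsafe_target == (root / "firmware.tgz").resolve()

    try:
        delete_archive_safe(str(archives), traversal)
        safe_blocks_traversal = False
    except ValueError:
        safe_blocks_traversal = True

    deleted = delete_archive_safe(str(archives), "backup.tgz")
    return {
        "unsafe_escapes": unsafe_escapes,
        "safe_blocks_traversal": safe_blocks_traversal,
        "safe_deletes_valid": not deleted.exists(),
        "firmware_intact": (root / "firmware.tgz").exists(),
    }


if __name__ == "__main__":
    print(demo())
```

The containment check compares the resolved parent with the resolved base rather than testing a string prefix, which is what defeats both '..' segments and symlinks that point outside the directory; the suffix and regular-file checks narrow the handler to exactly the files it is meant to manage.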

Potential Impact

For European organizations, particularly broadcasters and telecom operators using DB Electronica’s Mozart FM Transmitters, this vulnerability poses a significant risk. Exploitation can lead to deletion of critical firmware or configuration archives, resulting in device malfunction or complete service outages. This can disrupt radio broadcast services, impacting communication, emergency alerts, and media distribution. The loss of data integrity and availability can also affect regulatory compliance and damage organizational reputation. Given the unauthenticated nature of the attack, threat actors can remotely target these devices without prior access, increasing the attack surface. The impact is especially critical for national and regional broadcasters in Europe that rely on these transmitters for continuous operation. Disruptions could also have cascading effects on public safety communications and commercial broadcasting revenue.

Mitigation Recommendations

1. Immediately restrict network access to the management interfaces of Mozart FM Transmitters, limiting connections to trusted internal networks or VPNs.
2. Implement strict firewall rules to block unauthorized inbound traffic targeting the 'deletehidden' parameter or related API endpoints.
3. Monitor device logs and network traffic for unusual deletion requests or path traversal patterns indicative of exploitation attempts.
4. Coordinate with DB Electronica Telecomunicazioni S.p.A. to obtain security advisories and patches as soon as they become available.
5. Where possible, isolate vulnerable devices from the internet or untrusted networks until patched.
6. Conduct regular backups of device configurations and firmware archives to enable rapid recovery in case of file deletion.
7. Employ intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect path traversal attacks.
8. Educate operational staff about the vulnerability and signs of exploitation to enable prompt incident response.
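For recommendations 3 and 7, the following added example (not from the advisory or the vendor) shows detection logic that scans web-server access log lines for requests that carry the 'deletehidden' parameter with a traversal value, including percent-encoded and double-encoded forms. The log format, the endpoint path /cgi-bin/files.cgi, the client addresses and all log lines are constructed for the example; the real management interface's paths and log format are not given on the page and will differ.

```python
"""Added example: flag path-traversal attempts in the 'deletehidden' parameter
from access-log lines. Endpoint path, log format and sample lines are
constructed assumptions, not taken from the device or the advisory.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format: client ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

PARAM = "deletehidden"

# '..' standing alone as a path segment (either separator), or an absolute path
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)|^[\\/]")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly (bounded) so %2e%2e and %252e%252e
    variants are compared in the same form as a literal '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value: str) -> bool:
    """True when the decoded parameter value tries to leave its directory."""
    normalised = decode_fully(value).replace("\x00", "")
    return bool(TRAVERSAL_RE.search(normalised))


def scan_line(line: str):
    """Return an alert dict for a suspicious deletehidden request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    params = parse_qs(query, keep_blank_values=True)  # decodes one layer
    for value in params.get(PARAM, []):
        if is_traversal(value):
            return {
                "client": m.group("client"),
                "time": m.group("time"),
                "value": decode_fully(value),
                "status": int(m.group("status")),
            }
    return None


def scan(lines):
    """Scan an iterable of log lines and return the list of alerts."""
    return [alert for alert in (scan_line(ln) for ln in lines) if alert]


# Constructed sample log: one benign delete, two traversal attempts, one unrelated hit.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Nov/2025:01:02:03 +0000] "GET /cgi-bin/files.cgi?deletehidden=backup-2025.tgz HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Nov/2025:01:02:09 +0000] "GET /cgi-bin/files.cgi?deletehidden=../../firmware/current.tgz HTTP/1.1" 200 0',
    '198.51.100.7 - - [26/Nov/2025:01:02:11 +0000] "GET /cgi-bin/files.cgi?deletehidden=%252e%252e%2f%252e%252e%2fconfig%2fsettings.tgz HTTP/1.1" 200 0',
    '192.0.2.11 - - [26/Nov/2025:01:03:00 +0000] "GET /status.cgi HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Because the vulnerable request is unauthenticated, the 'client' field in an alert is the main pivot for blocking at the firewall (recommendation 1 and 2); a 200 status on a traversal request is worth treating as a confirmed deletion until the device's archive directory has been checked against the last backup (recommendation 6).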


Technical Details

Data Version: 5.2
Assigner Short Name: Gridware
Date Reserved: 2025-11-26T00:21:33.790Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69265837ca41832e1e5f38ed

Added to database: 11/26/2025, 1:30:31 AM

Last enriched: 11/26/2025, 1:46:58 AM

Last updated: 12/2/2025, 1:32:56 AM

