CVE-2025-66257: CWE-73 Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to delete arbitrary files without authentication. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in the `/var/www/patch/` directory without sanitization or access control checks.
AI Analysis
Technical Summary
CVE-2025-66257 is a critical vulnerability classified under CWE-73 (Improper Neutralization of Special Elements used in a Pathname) affecting the Mozart FM Transmitter devices produced by DB Electronica Telecomunicazioni S.p.A. The vulnerability resides in the patch_contents.php script, specifically in the handling of the deletepatch parameter. This parameter allows an unauthenticated attacker to delete arbitrary files located in the /var/www/patch/ directory on the device. The root cause is the lack of input sanitization and absence of access control checks, enabling attackers to craft HTTP requests that specify files to be deleted without any authentication or authorization.
The affected product versions span a wide range, from version 30 up to 7000, indicating a long-standing issue across multiple generations of the device. The vulnerability has a CVSS 4.0 base score of 9.2, reflecting its critical severity due to network attack vector (no local access needed), low attack complexity, no privileges or user interaction required, and high impact on integrity and availability. Exploiting this flaw can result in deletion of critical patch files, potentially causing device malfunction, denial of service, or disruption of FM transmission services. Although no public exploits have been reported yet, the vulnerability's characteristics make it highly exploitable.
The Mozart FM Transmitter is used in broadcasting environments, where availability and integrity of transmission equipment are paramount. This vulnerability could be leveraged by attackers to disrupt broadcast services or cause operational downtime. The lack of authentication means that any attacker with network access to the device's management interface can exploit this flaw. Given the criticality, immediate remediation is necessary.
The vendor has not yet published patches, so interim mitigations such as network segmentation, firewall rules, and monitoring for suspicious HTTP requests targeting patch_contents.php are recommended. Organizations should inventory affected devices and prepare for rapid patch deployment once available.
Potential Impact
For European organizations, especially those in broadcasting, telecommunications, and media sectors, this vulnerability poses a significant risk. Exploitation can lead to arbitrary deletion of files critical to the operation and patching of Mozart FM Transmitter devices, resulting in service outages or degraded transmission quality. This can disrupt radio broadcast services, impacting communication, emergency alerts, and media delivery. The unauthenticated nature of the vulnerability means attackers can exploit it remotely without credentials, increasing the attack surface. Disruption of FM transmitters can also affect public safety communications in some regions. Additionally, the integrity and availability of these devices are compromised, potentially leading to costly downtime and reputational damage. The broad range of affected versions indicates many deployed devices could be vulnerable, increasing the likelihood of exploitation. Although no known exploits are currently in the wild, the critical CVSS score and ease of exploitation suggest that threat actors may develop exploits soon, making proactive mitigation essential.
Mitigation Recommendations
1. Immediate network segmentation: Isolate Mozart FM Transmitter devices from general network access, restricting management interfaces to trusted administrative networks only.
2. Implement strict firewall rules to block unauthorized access to patch_contents.php and related management endpoints, allowing only known IP addresses or VPN connections.
3. Monitor HTTP requests to patch_contents.php for suspicious deletepatch parameter usage, setting up alerts for anomalous file deletion attempts.
4. Conduct a thorough inventory of all Mozart FM Transmitter devices across the organization to identify affected versions.
5. Engage with DB Electronica Telecomunicazioni S.p.A. for official patches or firmware updates addressing CVE-2025-66257 and plan rapid deployment once available.
6. If patches are delayed, consider temporary compensating controls such as disabling the vulnerable functionality if feasible or applying web application firewalls (WAF) with custom rules to block malicious requests.
7. Train network and security teams to recognize exploitation attempts and respond promptly.
8. Regularly review and update access control policies to minimize exposure of critical infrastructure devices.
9. Maintain backups of device configurations and critical files to enable recovery in case of successful exploitation.
10. Collaborate with industry peers and national cybersecurity centers to share threat intelligence and mitigation strategies.
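One way to implement the monitoring in recommendation 3, added here as an example and not taken from the advisory or from vendor tooling. It assumes a combined-format access log (from the device or a proxy in front of it) in which the `deletepatch` value is visible in the request line's query string, which the page does not state, plus a hypothetical admin allowlist; the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: management hosts allowed to reach the transmitter UI (documentation range).
ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/28")]
# Assumption: combined-format access log with the query string in the request line.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Constructed sample lines, not captured from a real device.
SAMPLE_LOG = """\
192.0.2.5 - - [26/Nov/2025:10:00:01 +0000] "GET /patch_contents.php HTTP/1.1" 200 812
192.0.2.5 - - [26/Nov/2025:10:02:10 +0000] "GET /patch_contents.php?deletepatch=old_fw.bin HTTP/1.1" 200 640
203.0.113.77 - - [26/Nov/2025:11:14:52 +0000] "GET /patch_contents.php?deletepatch=old_fw.bin HTTP/1.1" 200 640
203.0.113.77 - - [26/Nov/2025:11:14:55 +0000] "GET /patch_contents.php?deletepatch=..%2Fexample.conf HTTP/1.1" 200 640
198.51.100.9 - - [26/Nov/2025:11:20:00 +0000] "GET /index.php?deletepatch=x HTTP/1.1" 404 120
"""

def find_deletepatch_requests(log_text, admin_nets=ADMIN_NETS):
    """Return one alert dict per request that passes deletepatch to patch_contents.php."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/patch_contents.php"):
            continue
        # parse_qs percent-decodes values, so encoded separators are checked in clear.
        values = parse_qs(url.query, keep_blank_values=True).get("deletepatch")
        if values is None:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            trusted = any(src in net for net in admin_nets)
        except ValueError:
            trusted = False  # hostname or malformed source field
        reasons = []
        if not trusted:
            reasons.append("source outside admin allowlist")
        if any(".." in v or "/" in v or "\\" in v for v in values):
            reasons.append("value contains path characters")
        alerts.append({"ts": m["ts"], "src": m["src"], "values": values,
                       "severity": "high" if reasons else "review", "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_deletepatch_requests(SAMPLE_LOG):
        print(alert)
```

If the parameter is sent in a request body rather than the query string, access logs will not show it, and the same check has to run on a proxy or WAF that inspects bodies.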
Affected Countries
Italy, Germany, France, United Kingdom, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gridware
- Date Reserved: 2025-11-26T00:21:33.791Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69265837ca41832e1e5f38ff
Added to database: 11/26/2025, 1:30:31 AM
Last enriched: 11/26/2025, 1:45:32 AM
Last updated: 11/26/2025, 3:45:21 PM