
CVE-2025-66257: CWE-73 Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-66257, cve, cve-2025-66257, cwe-73
Published: Wed Nov 26 2025 (11/26/2025, 00:43:54 UTC)
Source: CVE Database V5
Vendor/Project: DB Electronica Telecomunicazioni S.p.A.
Product: Mozart FM Transmitter

Description

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in the `/var/www/patch/` directory without sanitization or access control checks.

AI-Powered Analysis

Last updated: 12/03/2025, 04:25:18 UTC

Technical Analysis

CVE-2025-66257 is a critical vulnerability classified under CWE-73 (External Control of File Name or Path) affecting the Mozart FM Transmitter product line by DB Electronica Telecomunicazioni S.p.A. The vulnerability resides in the patch_contents.php script, specifically in the handling of the deletepatch parameter. This parameter is used to specify files to be deleted within the /var/www/patch/ directory. Because the script performs no input validation and no authentication or access control checks, an unauthenticated attacker can craft HTTP requests to delete arbitrary files within this directory. The affected versions include a broad range of product variants (30 through 7000), indicating widespread exposure across the product line. The vulnerability has a CVSS 4.0 base score of 9.2, reflecting its critical severity, with a network-based attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. The deletion of arbitrary files can disrupt the patching mechanism or other critical files, potentially leading to denial of service or further exploitation opportunities. Although no public exploits have been reported yet, the simplicity of exploitation and the critical impact make this a high-risk vulnerability. The patch_contents.php script is typically accessible on the device's web interface, which, if exposed to untrusted networks, increases the attack surface. This vulnerability highlights the need for strict input validation, authentication enforcement, and secure coding practices in embedded telecommunications devices.

Potential Impact

For European organizations, particularly those operating FM broadcasting infrastructure or telecommunications networks using DB Electronica Mozart FM Transmitters, this vulnerability poses a significant risk. Successful exploitation can result in arbitrary deletion of files critical to device operation, potentially causing service outages or degraded performance. This can disrupt broadcasting services, impacting communication channels and regulatory compliance. The integrity of patch management processes may also be compromised, increasing the risk of further vulnerabilities remaining unpatched. Given the criticality of telecommunications infrastructure in Europe, such disruptions could affect emergency services, media outlets, and commercial broadcasters. Additionally, the unauthenticated nature of the vulnerability means attackers can exploit it remotely without credentials, increasing the likelihood of attacks from external threat actors. The impact extends beyond availability to potential integrity loss if attackers delete or manipulate files to facilitate further compromise. Organizations may face operational downtime, reputational damage, and regulatory scrutiny, especially under EU cybersecurity regulations such as NIS2. The absence of known exploits in the wild currently provides a window for proactive mitigation before widespread attacks occur.

Mitigation Recommendations

1. Immediately restrict access to the patch_contents.php endpoint by implementing network segmentation and firewall rules to limit access only to trusted management networks.
2. Deploy web application firewalls (WAF) or intrusion prevention systems (IPS) with custom rules to detect and block suspicious requests targeting the deletepatch parameter.
3. Monitor device logs for unusual HTTP requests to patch_contents.php and alert on any attempts to use the deletepatch parameter.
4. Coordinate with DB Electronica Telecomunicazioni S.p.A. to obtain and apply official patches or firmware updates addressing this vulnerability as soon as they become available.
5. If patches are not yet available, consider disabling or restricting the web management interface on exposed devices temporarily.
6. Conduct an inventory of all Mozart FM Transmitter devices in the environment to identify and prioritize remediation efforts.
7. Implement strict input validation and authentication controls on management interfaces in future deployments to prevent similar vulnerabilities.
8. Educate operational technology (OT) and network teams about this vulnerability to ensure rapid detection and response.
9. Regularly back up device configurations and critical files to enable recovery in case of file deletion.
10. Engage with telecom regulatory bodies to report and coordinate mitigation efforts if widespread exploitation is detected.
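
The log monitoring described in recommendation 3 can be sketched as follows. This is an added example, not vendor code or part of the original advisory. It assumes the device or a fronting proxy writes Apache/nginx "combined"-style access logs, and the management subnet `10.20.0.0/24` is a hypothetical placeholder. The advisory does not say whether the parameter arrives in the query string or the request body, so POSTs to the script are flagged for review as well.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined"-style access log lines.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: hypothetical trusted management subnet; replace with your own.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or junk in the client field: treat as untrusted
    return any(addr in net for net in MGMT_NETS)

def scan(lines):
    """Return one finding per request that may trigger deletion via patch_contents.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/patch_contents.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        in_query = "deletepatch" in params
        # POST bodies are not in access logs, so every POST to the script is reviewed.
        if not in_query and m["method"] != "POST":
            continue
        findings.append({
            "src": m["src"], "time": m["ts"], "status": int(m["status"]),
            "reason": "deletepatch in query" if in_query else "POST body not logged",
            "files": params.get("deletepatch", []),
            "severity": "low" if is_trusted(m["src"]) else "high",
        })
    return findings

# Constructed sample log lines (not taken from a real device).
SAMPLE = [
    '10.20.0.5 - - [26/Nov/2025:09:12:01 +0000] "GET /patch_contents.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.20.0.5 - - [26/Nov/2025:09:12:40 +0000] "GET /patch_contents.php?deletepatch=old_fw.bin HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Nov/2025:11:03:17 +0000] "GET /patch_contents.php?deletepatch=fw_update.bin HTTP/1.1" 200 80 "-" "curl/8.5.0"',
    '203.0.113.7 - - [26/Nov/2025:11:03:19 +0000] "POST /patch_contents.php HTTP/1.1" 200 80 "-" "curl/8.5.0"',
]
```

Calling `scan(SAMPLE)` yields three findings: the deletion from the management subnet at low severity, and the two requests from outside it at high severity. Because the endpoint requires no authentication, a finding from a trusted address still warrants correlation with a known maintenance window.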


Technical Details

Data Version: 5.2
Assigner Short Name: Gridware
Date Reserved: 2025-11-26T00:21:33.791Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69265837ca41832e1e5f38ff

Added to database: 11/26/2025, 1:30:31 AM

Last enriched: 12/3/2025, 4:25:18 AM

Last updated: 1/10/2026, 10:13:36 PM
