CVE-2025-66250
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A.

Publication date: 2025-11-26

Last updated on: 2025-12-03

Assigner: b7efe717-a805-47cf-8e9a-921fca0ce0ce

Description
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/status_contents.php.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Affected Vendors & Products
Vendor Product Version
db_electronica_telecomunicazioni mozart_fm_transmitter 300
db_electronica_telecomunicazioni mozart_fm_transmitter 6000
db_electronica_telecomunicazioni mozart_fm_transmitter 500
db_electronica_telecomunicazioni mozart_fm_transmitter 7000
db_electronica_telecomunicazioni mozart_fm_transmitter 100
db_electronica_telecomunicazioni mozart_fm_transmitter 30
db_electronica_telecomunicazioni mozart_fm_transmitter 3000
db_electronica_telecomunicazioni mozart_fm_transmitter 3500
db_electronica_telecomunicazioni mozart_fm_transmitter 1000
db_electronica_telecomunicazioni mozart_fm_transmitter 2000
db_electronica_telecomunicazioni mozart_fm_transmitter 50
dbbroadcast mozart_next_100_firmware *
dbbroadcast mozart_next_1000_firmware *
dbbroadcast mozart_next_2000_firmware *
dbbroadcast mozart_next_30_firmware *
dbbroadcast mozart_next_300_firmware *
dbbroadcast mozart_next_3000_firmware *
dbbroadcast mozart_next_3500_firmware *
dbbroadcast mozart_next_50_firmware *
dbbroadcast mozart_next_500_firmware *
dbbroadcast mozart_next_6000_firmware *
dbbroadcast mozart_next_7000_firmware *
dbbroadcast mozart_dds_next_30_firmware *
dbbroadcast mozart_dds_next_50_firmware *
dbbroadcast mozart_dds_next_100_firmware *
dbbroadcast mozart_dds_next_300_firmware *
dbbroadcast mozart_dds_next_500_firmware *
dbbroadcast mozart_dds_next_1000_firmware *
dbbroadcast mozart_dds_next_2000_firmware *
dbbroadcast mozart_dds_next_3000_firmware *
dbbroadcast mozart_dds_next_3500_firmware *
dbbroadcast mozart_dds_next_6000_firmware *
dbbroadcast mozart_dds_next_7000_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?


How can this vulnerability impact me? :


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2025-11-26
CVE Last Modified Date:
2025-12-03
Report Generation Date:
2025-12-10
AI Powered Q&A Generation:
2025-11-26
EPSS Last Evaluated Date:
2025-12-09
NVD Report Link: