Vulnerability Details CVE-2025-63227
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.8%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2025-63227
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_1000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_100:-
-
cpe:2.3:h:dbbroadcast:mozart_next_2000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_3000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_300:-
-
cpe:2.3:h:dbbroadcast:mozart_next_30:-
-
cpe:2.3:h:dbbroadcast:mozart_next_3500:-
-
cpe:2.3:h:dbbroadcast:mozart_next_500:-
-
cpe:2.3:h:dbbroadcast:mozart_next_50:-
-
cpe:2.3:h:dbbroadcast:mozart_next_6000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_7000:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-