Vulnerability Details CVE-2025-63228
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.2%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-63228
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-
-
cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_1000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_100:-
-
cpe:2.3:h:dbbroadcast:mozart_next_2000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_3000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_300:-
-
cpe:2.3:h:dbbroadcast:mozart_next_30:-
-
cpe:2.3:h:dbbroadcast:mozart_next_3500:-
-
cpe:2.3:h:dbbroadcast:mozart_next_500:-
-
cpe:2.3:h:dbbroadcast:mozart_next_50:-
-
cpe:2.3:h:dbbroadcast:mozart_next_6000:-
-
cpe:2.3:h:dbbroadcast:mozart_next_7000:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-
-
cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-