CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-63951

An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, causing the application to process them and leading to errors or a denial of service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.8%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2025-63951

Sourcefabric » Phoniebox » Version: 0.9

cpe:2.3:a:sourcefabric:phoniebox:0.9
Sourcefabric » Phoniebox » Version: 0.9.1

cpe:2.3:a:sourcefabric:phoniebox:0.9.1
Sourcefabric » Phoniebox » Version: 0.9.2

cpe:2.3:a:sourcefabric:phoniebox:0.9.2
Sourcefabric » Phoniebox » Version: 0.9.3

cpe:2.3:a:sourcefabric:phoniebox:0.9.3
Sourcefabric » Phoniebox » Version: 0.9.4

cpe:2.3:a:sourcefabric:phoniebox:0.9.4
Sourcefabric » Phoniebox » Version: 0.9.5

cpe:2.3:a:sourcefabric:phoniebox:0.9.5
Sourcefabric » Phoniebox » Version: 0.9.6

cpe:2.3:a:sourcefabric:phoniebox:0.9.6
Sourcefabric » Phoniebox » Version: 0.9.7

cpe:2.3:a:sourcefabric:phoniebox:0.9.7
Sourcefabric » Phoniebox » Version: 1.0.0

cpe:2.3:a:sourcefabric:phoniebox:1.0.0
Sourcefabric » Phoniebox » Version: 1.1.0

cpe:2.3:a:sourcefabric:phoniebox:1.1.0
Sourcefabric » Phoniebox » Version: 1.1.1

cpe:2.3:a:sourcefabric:phoniebox:1.1.1
Sourcefabric » Phoniebox » Version: 1.1.2

cpe:2.3:a:sourcefabric:phoniebox:1.1.2
Sourcefabric » Phoniebox » Version: 1.1.3

cpe:2.3:a:sourcefabric:phoniebox:1.1.3
Sourcefabric » Phoniebox » Version: 1.1.4

cpe:2.3:a:sourcefabric:phoniebox:1.1.4
Sourcefabric » Phoniebox » Version: 1.1.6

cpe:2.3:a:sourcefabric:phoniebox:1.1.6
Sourcefabric » Phoniebox » Version: 1.1.7

cpe:2.3:a:sourcefabric:phoniebox:1.1.7
Sourcefabric » Phoniebox » Version: 1.1.8

cpe:2.3:a:sourcefabric:phoniebox:1.1.8
Sourcefabric » Phoniebox » Version: 1.1.9

cpe:2.3:a:sourcefabric:phoniebox:1.1.9
Sourcefabric » Phoniebox » Version: 2.0.0

cpe:2.3:a:sourcefabric:phoniebox:2.0.0
Sourcefabric » Phoniebox » Version: 2.1.0

cpe:2.3:a:sourcefabric:phoniebox:2.1.0
Sourcefabric » Phoniebox » Version: 2.1.1

cpe:2.3:a:sourcefabric:phoniebox:2.1.1
Sourcefabric » Phoniebox » Version: 2.2.0

cpe:2.3:a:sourcefabric:phoniebox:2.2.0
Sourcefabric » Phoniebox » Version: 2.3.0

cpe:2.3:a:sourcefabric:phoniebox:2.3.0
Sourcefabric » Phoniebox » Version: 2.4.0

cpe:2.3:a:sourcefabric:phoniebox:2.4.0
Sourcefabric » Phoniebox » Version: 2.5.0

cpe:2.3:a:sourcefabric:phoniebox:2.5.0
Sourcefabric » Phoniebox » Version: 3.0.0

cpe:2.3:a:sourcefabric:phoniebox:3.0.0
Sourcefabric » Phoniebox » Version: 3.1.0

cpe:2.3:a:sourcefabric:phoniebox:3.1.0
Sourcefabric » Phoniebox » Version: 3.1.1

cpe:2.3:a:sourcefabric:phoniebox:3.1.1
Sourcefabric » Phoniebox » Version: 3.2.0

cpe:2.3:a:sourcefabric:phoniebox:3.2.0
Sourcefabric » Phoniebox » Version: 3.2.1

cpe:2.3:a:sourcefabric:phoniebox:3.2.1
Sourcefabric » Phoniebox » Version: 3.3.0

cpe:2.3:a:sourcefabric:phoniebox:3.3.0
Sourcefabric » Phoniebox » Version: 3.4.0

cpe:2.3:a:sourcefabric:phoniebox:3.4.0
Sourcefabric » Phoniebox » Version: 3.5.0

cpe:2.3:a:sourcefabric:phoniebox:3.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-63951

Products

Pricing

Contact Us