7.2
CVE-2025-63227
- EPSS 0.5%
- Veröffentlicht 18.11.2025 00:00:00
- Zuletzt bearbeitet 08.12.2025 14:43:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dbbroadcast ≫ Mozart Next 100 Firmware Version-
Dbbroadcast ≫ Mozart Next 1000 Firmware Version-
Dbbroadcast ≫ Mozart Next 2000 Firmware Version-
Dbbroadcast ≫ Mozart Next 30 Firmware Version-
Dbbroadcast ≫ Mozart Next 300 Firmware Version-
Dbbroadcast ≫ Mozart Next 3000 Firmware Version-
Dbbroadcast ≫ Mozart Next 3500 Firmware Version-
Dbbroadcast ≫ Mozart Next 50 Firmware Version-
Dbbroadcast ≫ Mozart Next 500 Firmware Version-
Dbbroadcast ≫ Mozart Next 6000 Firmware Version-
Dbbroadcast ≫ Mozart Next 7000 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 30 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 50 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 100 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 300 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 500 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 1000 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 2000 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 3000 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 3500 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 6000 Firmware Version-
Dbbroadcast ≫ Mozart Dds Next 7000 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.386 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.dbbroadcast.com/
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63227_Mozart_FM_Transmitter_authenticated_File_Upload