1. Home
  2. CVE Database
  3. CVE-2025-63228
CRITICAL · 9.8

CVE-2025-63228

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by se...

Vulnerability Description

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DbbroadcastMozart Next 100 Firmware-
DbbroadcastMozart Next 100-
DbbroadcastMozart Next 1000 Firmware-
DbbroadcastMozart Next 1000-
DbbroadcastMozart Next 2000 Firmware-
DbbroadcastMozart Next 2000-
DbbroadcastMozart Next 30 Firmware-
DbbroadcastMozart Next 30-
DbbroadcastMozart Next 300 Firmware-
DbbroadcastMozart Next 300-
DbbroadcastMozart Next 3000 Firmware-
DbbroadcastMozart Next 3000-
DbbroadcastMozart Next 3500 Firmware-
DbbroadcastMozart Next 3500-
DbbroadcastMozart Next 50 Firmware-
DbbroadcastMozart Next 50-
DbbroadcastMozart Next 500 Firmware-
DbbroadcastMozart Next 500-
DbbroadcastMozart Next 6000 Firmware-
DbbroadcastMozart Next 6000-

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2025-63228?

CVE-2025-63228 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by se...

How severe is CVE-2025-63228?

CVE-2025-63228 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-63228?

Check the references section above for vendor advisories and patch information. Affected products include: Dbbroadcast Mozart Next 100 Firmware, Dbbroadcast Mozart Next 100, Dbbroadcast Mozart Next 1000 Firmware, Dbbroadcast Mozart Next 1000, Dbbroadcast Mozart Next 2000 Firmware.