CVE-2025-63227

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

he Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.

References

Link	Resource
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63227_Mozart_FM_Transmitter_authenticated_File_Upload	Exploit Third Party Advisory
https://www.dbbroadcast.com/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_1000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_2000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_30:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_3000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_3500:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_50:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_500:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_6000:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_next_7000:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:*:*:*:*:*:*:*

History

08 Dec 2025, 14:43

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_2000:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_100:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_6000:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_30:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_300:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_500:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_50:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_1000:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_3500:-:::::::* cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_7000:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:::::::* cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:::::::* cpe:2.3:h:dbbroadcast:mozart_next_3000:-:::::::* cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:::::::*
References	~~() https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63227_Mozart_FM_Transmitter_authenticated_File_Upload -~~	() https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63227_Mozart_FM_Transmitter_authenticated_File_Upload - Exploit, Third Party Advisory
References	~~() https://www.dbbroadcast.com/ -~~	() https://www.dbbroadcast.com/ - Product
First Time		Dbbroadcast mozart Next 3000 Firmware Dbbroadcast mozart Next 50 Firmware Dbbroadcast mozart Next 100 Dbbroadcast mozart Next 30 Dbbroadcast Dbbroadcast mozart Dds Next 6000 Dbbroadcast mozart Next 50 Dbbroadcast mozart Dds Next 2000 Firmware Dbbroadcast mozart Dds Next 3500 Dbbroadcast mozart Dds Next 7000 Dbbroadcast mozart Next 30 Firmware Dbbroadcast mozart Next 500 Dbbroadcast mozart Dds Next 7000 Firmware Dbbroadcast mozart Dds Next 100 Firmware Dbbroadcast mozart Dds Next 3000 Firmware Dbbroadcast mozart Next 3000 Dbbroadcast mozart Dds Next 3500 Firmware Dbbroadcast mozart Next 2000 Dbbroadcast mozart Next 300 Firmware Dbbroadcast mozart Dds Next 3000 Dbbroadcast mozart Dds Next 1000 Firmware Dbbroadcast mozart Next 300 Dbbroadcast mozart Next 1000 Firmware Dbbroadcast mozart Next 3500 Dbbroadcast mozart Next 6000 Firmware Dbbroadcast mozart Next 6000 Dbbroadcast mozart Next 2000 Firmware Dbbroadcast mozart Next 7000 Firmware Dbbroadcast mozart Dds Next 50 Dbbroadcast mozart Dds Next 1000 Dbbroadcast mozart Next 100 Firmware Dbbroadcast mozart Dds Next 6000 Firmware Dbbroadcast mozart Next 7000 Dbbroadcast mozart Dds Next 500 Dbbroadcast mozart Dds Next 30 Firmware Dbbroadcast mozart Dds Next 100 Dbbroadcast mozart Dds Next 300 Firmware Dbbroadcast mozart Dds Next 300 Dbbroadcast mozart Next 500 Firmware Dbbroadcast mozart Dds Next 2000 Dbbroadcast mozart Dds Next 50 Firmware Dbbroadcast mozart Dds Next 30 Dbbroadcast mozart Next 3500 Firmware Dbbroadcast mozart Next 1000 Dbbroadcast mozart Dds Next 500 Firmware

19 Nov 2025, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.2
CWE		CWE-434

18 Nov 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-18 20:15

Updated : 2025-12-08 14:43

NVD link : CVE-2025-63227

Mitre link : CVE-2025-63227

CVE.ORG link : CVE-2025-63227

JSON object : View

Products Affected

dbbroadcast

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

7.2 /10