CVE-2025-10327

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0

Description: A weakness exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. This issue affects an unknown functionality within the /htdocs/api/playlist/shuffle.php file. Manipulation of the playlist argument can lead to OS command injection. The attack can be launched remotely. The exploit has been made publicly available. The vendor was notified but did not respond.

Recommendations: Versions prior to 2.8.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.