CVE-2025-63227

Name of the Vulnerable Software and Affected Versions Mozart FM Transmitter version WEBMOZZI-00287

Description The Mozart FM Transmitter web management interface version WEBMOZZI-00287 has an unrestricted file upload issue in the /patch.php endpoint. An attacker with administrative access can upload arbitrary files, such as PHP webshells, to the /patch/ directory. Successful exploitation allows the attacker to execute arbitrary commands on the server, potentially resulting in full system compromise.

Recommendations Apply restrictions to file uploads in the /patch.php endpoint. Restrict administrative access to the web management interface.