PT-2025-47402 · Unknown · Mozart Fm Transmitter
Published
2025-11-18
·
Updated
2025-11-19
·
CVE-2025-63228
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mozart FM Transmitter version WEBMOZZI-00287
Description
The web management interface contains an unauthenticated file upload issue in the
/upload file.php endpoint. An attacker can send a crafted POST request with a malicious file to the server. Uploaded files are stored in the /upload/ directory, potentially leading to remote code execution and full system compromise.Recommendations
Apply a fix or update to address the unauthenticated file upload issue in the
/upload file.php endpoint.Exploit
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mozart Fm Transmitter