Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Nov 19, 2025
CVE-2025-63228
CVE-2025-63228
Description
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Mozart/FM Transmitterdescription
- Range: = WEBMOZZI-00287
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.