VYPR

FM Transmitter

by Mozart

CVEs (2)

  • CVE-2025-63228CriNov 18, 2025
    risk 0.64cvss 9.8epss 0.01

    The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to…

  • CVE-2025-63227HigNov 18, 2025
    risk 0.47cvss 7.2epss 0.01

    The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the…