CVE-2025-63228: n/a
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.
CVE-2025-63228: n/a
Description
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-10-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 691cd3b5b044fc99aa3e1008
Added to database: 11/18/2025, 8:14:45 PM
Last updated: 11/18/2025, 8:14:53 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-63225: n/a
CriticalCVE-2025-37163: Vulnerability in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Management Software (Airwave)
HighCVE-2025-37162: Vulnerability in Hewlett Packard Enterprise (HPE) HPE Aruba Networking 100 Series Cellular Bridge
MediumCVE-2025-37161: Vulnerability in Hewlett Packard Enterprise (HPE) HPE Aruba Networking 100 Series Cellular Bridge
HighCVE-2025-63227: n/a
UnknownActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.