CVE-2025-63229: n/a
The Mozart FM Transmitter web management interface, version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary JavaScript in the victim's browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions.
AI Analysis
Technical Summary
CVE-2025-63229 identifies a reflected Cross-Site Scripting (XSS) vulnerability in the Mozart FM Transmitter's web management interface, version WEBMOZZI-00287. The vulnerability resides in the /main0.php endpoint, where the ?m= query parameter fails to properly sanitize user input. This allows an attacker to inject arbitrary JavaScript code that is reflected back and executed in the context of the victim's browser session. Exploitation requires the victim to visit a crafted URL containing the malicious payload. Once executed, the attacker can hijack the user's session cookies, steal sensitive configuration data, or perform unauthorized actions within the management interface, potentially disrupting FM transmitter operations or exposing critical broadcast infrastructure details. The vulnerability does not require authentication to exploit, increasing its risk profile. No patches or official fixes have been released yet, and no public exploits are known. The lack of CVSS scoring complicates risk assessment, but the nature of the vulnerability and its potential impact on confidentiality and integrity are significant. The Mozart FM Transmitter is used in broadcast environments, making this a targeted threat to organizations managing radio transmission infrastructure.
Potential Impact
For European organizations, particularly those involved in broadcast and media transmission, this vulnerability poses a risk to the confidentiality and integrity of their FM transmitter management systems. Successful exploitation could lead to unauthorized access to management sessions, enabling attackers to alter transmitter configurations, disrupt broadcast services, or exfiltrate sensitive operational data. This could result in service outages, reputational damage, and regulatory compliance issues, especially under GDPR if personal data is compromised. The reflected XSS nature means that social engineering or phishing could be used to lure administrators into clicking malicious links, increasing the attack surface. Given the critical role of broadcast infrastructure in communication and emergency services, the impact extends beyond individual organizations to potentially affect public information dissemination in Europe.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement strict input validation and output encoding on the ?m= query parameter within the /main0.php endpoint to prevent injection of malicious scripts. Network-level controls should restrict access to the web management interface to trusted IP addresses or VPNs, minimizing exposure to external attackers. Administrators should be trained to recognize phishing attempts and avoid clicking on suspicious links. Monitoring and logging of web interface access should be enhanced to detect anomalous activities indicative of exploitation attempts. If possible, disabling the web management interface when not in use or isolating it within a secure management VLAN can reduce risk. Vendors should be engaged to provide patches or updated firmware addressing this issue. Until a patch is available, applying web application firewalls (WAFs) with rules to detect and block reflected XSS payloads targeting the ?m= parameter can provide interim protection.
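As an added illustration of the access-log monitoring the recommendations above call for (example code written for this page, not code from the advisory, the vendor or any project): the script parses constructed access-log lines, isolates the m parameter of requests to /main0.php, undoes layered percent-encoding, and flags values that either contain HTML/script metacharacters or fall outside an assumed allow-list of short alphanumeric page identifiers. The legitimate format of m, the log format and all addresses are assumptions; adjust the allow-list to the values the device actually emits.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate m= values are short alphanumeric page identifiers.
ALLOWED_M = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
# Characters and fragments that have no place in a benign page identifier.
MARKUP = re.compile(r"[<>\"'`]|javascript:|on\w+\s*=", re.IGNORECASE)
# Assumed Common Log Format: host ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so double encoding is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(line):
    """Return a finding dict for a suspicious /main0.php?m= request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, target, status = m.groups()
    parts = urlsplit(target)
    if parts.path != "/main0.php":
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("m", []):
        value = decode_fully(raw)  # parse_qs already decoded one layer
        if ALLOWED_M.fullmatch(value):
            continue
        reason = "markup" if MARKUP.search(value) else "unexpected_format"
        return {"src": src, "time": ts, "status": status, "m": value, "reason": reason}
    return None

def scan(lines):
    return [f for f in (inspect_request(l) for l in lines) if f]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Nov/2025:21:50:01 +0000] "GET /main0.php?m=status HTTP/1.1" 200 5120',
    '192.0.2.10 - - [18/Nov/2025:21:50:09 +0000] "GET /main0.php?m=rf_power HTTP/1.1" 200 4890',
    '198.51.100.7 - - [18/Nov/2025:21:51:30 +0000] "GET /main0.php?m=%3Cscript%3E HTTP/1.1" 200 5301',
    '198.51.100.7 - - [18/Nov/2025:21:51:45 +0000] "GET /main0.php?m=%2522%253E HTTP/1.1" 200 5290',
    '192.0.2.44 - - [18/Nov/2025:21:52:00 +0000] "GET /main0.php?m=status%20page HTTP/1.1" 200 5120',
    '203.0.113.5 - - [18/Nov/2025:21:52:30 +0000] "GET /index.php?m=%3Cb%3E HTTP/1.1" 404 210',
]
print(*scan(SAMPLE_LOG), sep="\n")
```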
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 691ceaeebe2811888e436478
Added to database: 11/18/2025, 9:53:50 PM
Last enriched: 11/18/2025, 9:54:56 PM
Last updated: 11/19/2025, 3:47:53 AM