CVE-2025-63228 – Mozart FM Transmitter Unauthenticated Remote Code Execution File Upload Vulnerability

CVE ID : CVE-2025-63228

Published : Nov. 18, 2025, 8:15 p.m. | 49 minutes ago

Description : The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…