Security Advisory

CVE-2025-63227

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-18 00:00:00

Last updated 2025-11-19 15:46:24

Assigner mitre

State PUBLISHED

Description

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.

← Browse all CVEs View on cve.org ↗