Security Advisory

CVE-2025-63228

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-18 00:00:00

Last updated 2025-11-19 15:45:32

Assigner mitre

State PUBLISHED

Description

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.

← Browse all CVEs View on cve.org ↗