CVE-2025-10327 | MiczFlor RPi-Jukebox-RFID up to 2.8.0 shuffle.php playlist os command injection

A vulnerability, which was classified as critical, was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection.

This vulnerability is tracked as CVE-2025-10327. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More