PT-2025-21180 · Motioneye · Motioneye
Published: 2025-05-14 · Updated: 2025-05-15
CVE-2025-47782
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
motionEye versions 0.43.1b1 through 0.43.1b3
Description:
The issue allows an attacker with admin user credentials to execute any command within a non-interactive shell as the motionEye run user (motion by default) by using a constructed device path with the add/add camera motionEye web API.
Recommendations:
For versions 0.43.1b1 through 0.43.1b3, update to motionEye v0.43.1b4 to resolve the issue.
As a temporary workaround for versions 0.43.1b1 through 0.43.1b3, apply the patch manually.
Exploit
Fix
OS Command Injection
Affected Products
Motioneye