PT-2025-42390 · Frigate · Frigate

Published 2025-10-15 · Updated 2025-10-16 · CVE-2025-62382

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Frigate versions prior to 0.16.2

Description

Frigate, a network video recorder with real-time object detection for IP cameras, contains a flaw in its export workflow. Before version 0.16.2, an authenticated user could specify any filesystem location as the thumbnail source for video exports. This path is then copied to the publicly accessible clips directory, allowing the reading of arbitrary files on the host system. This allows a low-privilege user with API access to potentially access sensitive configuration files, secrets, or user data. The issue arises from a violation of the principle of least privilege within the export subsystem. The exploitation involves a timing window during file copying before cleanup occurs.

Recommendations

Update to Frigate version 0.16.2 or later.
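
One way to enforce the path containment that the description says was missing, shown as an added example (not Frigate's code and not its actual fix): the hypothetical `resolve_thumbnail_source` accepts a user-supplied thumbnail path only if its fully resolved location stays inside an assumed allowed directory. The directory layout and file contents in `run_demo` are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_thumbnail_source(user_path: str, allowed_root: Path) -> Path:
    """Return the real path of user_path if it lies inside allowed_root.

    Raises ValueError for anything that resolves outside the root
    (absolute paths, ".." segments, symlinks) or is not a regular file.
    """
    try:
        root = allowed_root.resolve(strict=True)
        # Joining with an absolute user_path discards root entirely, so
        # resolve first and compare afterwards instead of trusting the join.
        candidate = (root / user_path).resolve(strict=True)
    except OSError as exc:
        raise ValueError(f"cannot resolve thumbnail source: {exc}") from exc
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise ValueError("thumbnail source is outside the allowed directory")
    if not candidate.is_file():
        raise ValueError("thumbnail source is not a regular file")
    return candidate


def run_demo() -> dict:
    """Build a constructed directory tree and report which inputs pass."""
    with tempfile.TemporaryDirectory() as tmp:
        thumbs, secret = Path(tmp) / "thumbs", Path(tmp) / "secret"
        thumbs.mkdir()
        secret.mkdir()
        (thumbs / "ok.webp").write_bytes(b"constructed image bytes")
        (secret / "config.yml").write_text("password: constructed\n")
        os.symlink(secret / "config.yml", thumbs / "link.webp")
        inputs = {
            "plain": "ok.webp",
            "dotdot": "../secret/config.yml",
            "absolute": str(secret / "config.yml"),
            "symlink": "link.webp",
            "missing": "nope.webp",
        }
        results = {}
        for label, value in inputs.items():
            try:
                resolve_thumbnail_source(value, thumbs)
                results[label] = True
            except ValueError:
                results[label] = False
        return results


if __name__ == "__main__":
    print(run_demo())
```

Only the plain file name inside the allowed directory is accepted; the other four inputs are rejected before any copy into a public directory could take place.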

Related Identifiers

CVE-2025-62382
GHSA-8GV4-5JR9-V96J

Affected Products

Frigate