CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Configurations

No configuration.

History

03 Oct 2025, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2025-10-03 16:16

Updated : 2025-10-03 16:16


NVD link : CVE-2025-60787

Mitre link : CVE-2025-60787

CVE.ORG link : CVE-2025-60787


JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-116

Improper Encoding or Escaping of Output