MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
References
Configurations
No configuration.
History
03 Oct 2025, 16:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-10-03 16:16
Updated : 2025-10-03 16:16
NVD link : CVE-2025-60787
Mitre link : CVE-2025-60787
CVE.ORG link : CVE-2025-60787
JSON object : View
Products Affected
No product.