CVE-2025-60787

HIGH

Exploit for OS Command Injection in Motioneye_Project Motioneye

Details

CVSS v3: 7.2
NVD published: 2025-10-03 16:16:20
EPSS: 66.0% probability · 98.5th percentile — 2026-03-13
Affected versions: cpe:2.3:a:motioneye_project:motioneye:0.42.1:*:*:*:*:*:*:* cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta1:*:*:*:*:*:* cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta2:*:*:*:*:*:* cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta3:*:*:*:*:*:* cpe:2.3:a:motioneye_project:motioneye:0.43.1:beta4:*:*:*:*:*:*
Summary: MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Remediation: Not available in our cache.
Exploit info: https://github.com/prabhatverma47/motionEye-RCE-through-config-parameter

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.