Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47782

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.

Published

2025-05-14T16:15:29.580

Last Modified

2025-05-16T14:43:56.797

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

References

https://github.com/motioneye-project/motioneye/issues/3142 ([email protected])
https://github.com/motioneye-project/motioneye/pull/3143 ([email protected])
https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588 ([email protected])
https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588 (134c704f-9b21-4f2e-91b3-4a467353bcc0)