CVE-2025-47782 Information
Description
motionEye is an online interface for the software motion a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3 using a constructed (camera) device path with the add/add_camera motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user motion by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround apply the patch manually.
Reference
https://github.com/motioneye-project/motioneye/issues/3142 https://github.com/motioneye-project/motioneye/pull/3143 https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588 https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588
Share on: