Vulnerability Details CVE-2025-60787
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.335
EPSS Ranking 96.7%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2025-60787
-
cpe:2.3:a:motioneye_project:motioneye:0.42.1
-
cpe:2.3:a:motioneye_project:motioneye:0.43.1