CVE-2025-47782

Sažetak

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.

Reference

https://github.com/motioneye-project/motioneye/issues/3142
https://github.com/motioneye-project/motioneye/pull/3143
https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588
https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

16-05-2025 - 14:43

Objavljeno

14-05-2025 - 16:15