CVE-2025-47782 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a con…
High CVSS: 8.9

CVE-2025-47782

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.
Vendor
-
Product
-
CWE
CWE-78
Yayın Tarihi
2025-05-14 16:15:29
Güncelleme
2025-05-16 14:43:56
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 HIGH 2025

Referanslar

https://github.com/motioneye-project/motioneye/issues/3142 https://github.com/motioneye-project/motioneye/pull/3143 https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588 https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588