CVE-2025-47782 – MotionEye Command Injection Vulnerability

CVE ID : CVE-2025-47782

Published : May 14, 2025, 4:15 p.m. | 39 minutes ago

Description : motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…