module
Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)
| Disclosed |
|---|
| Sep 9, 2025 |
Disclosed
Sep 9, 2025
Description
This module exploits a template injection vulnerability in the MotionEye Frontend.
MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters such as image_file_name.
Unsanitized user input is written to MotionEye Frontend configuration files, allowing remote authenticated attackers with admin access to achieve code execution.
Successful exploitation will result in the command executing as the user running
the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters such as image_file_name.
Unsanitized user input is written to MotionEye Frontend configuration files, allowing remote authenticated attackers with admin access to achieve code execution.
Successful exploitation will result in the command executing as the user running
the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.