CVE-2025-47782
Published: 2025-05-14
Priority: P3 (54) · Severity: high · CVSS 4.0 base score: 8.9
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.41% (32.5th percentile)
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| motioneye-project | motioneye | — | — |
| motioneye_project | motioneye | >= 0.43.1b1 < 0.43.1b4 | 0.43.1b4 |
OSV
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
osv·2025-05-15
CVE-2025-47782 [HIGH] motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
### Summary
Using a constructed (camera) device path with the `config/add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell as the executing user of the motionEye instance, `motion` by default.
#### Function call stack
1. `post`
2. `add_camera`
3. `config.add_camera`
4. `v4l2ctl.list_resolutions`
5. `utils.call_subprocess`
6. `subprocess.run`
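As an added illustration (not motionEye's code and not its 0.43.1b4 patch), the following Python shows the pattern that closes this class of bug (CWE-78) at the `utils.call_subprocess` / `subprocess.run` step of the call stack above: allowlist-validate the device path before it reaches any process invocation, and pass it as a single element of an argument vector with `shell=False`, so the string is never parsed as shell syntax. The regex, the function names, and the `v4l2-ctl --device … --list-formats-ext` argument vector are assumptions made for this example; the real `v4l2ctl.list_resolutions` may invoke a different command.

```python
import re
import subprocess
import sys

# Allowlist for camera device paths: only Video4Linux device nodes pass.
# Hypothetical pattern chosen for this example; motionEye's own checks may differ.
_V4L2_DEVICE_RE = re.compile(r"^/dev/video[0-9]{1,3}$")


def validate_device_path(device: str) -> str:
    """Return `device` unchanged if it looks like a V4L2 node, else raise ValueError.

    Shell metacharacters, whitespace and path traversal all fail the allowlist,
    because none of them can occur in a legitimate /dev/videoN path.
    """
    if not isinstance(device, str) or not _V4L2_DEVICE_RE.fullmatch(device):
        raise ValueError(f"rejected camera device path: {device!r}")
    return device


def build_v4l2_argv(device: str) -> list:
    """Argument vector for querying a camera's formats with v4l2-ctl (assumed command).

    The validated path is one argv element; even an unvalidated string would reach
    the program as a literal filename argument, never as shell syntax.
    """
    return ["v4l2-ctl", "--device", validate_device_path(device), "--list-formats-ext"]


def run_argv(argv, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Execute an argument vector without a shell.

    shell=False is already the default; it is stated explicitly to contrast with
    the unsafe form, a single command string run with shell=True.
    """
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)


def echo_single_argument(value: str) -> str:
    """Show that with an argv list the whole string arrives verbatim as argv[1].

    The Python interpreter stands in for v4l2-ctl so the demonstration runs
    offline without a camera attached.
    """
    proc = run_argv([sys.executable, "-c",
                     "import sys; sys.stdout.write(sys.argv[1])", value])
    return proc.stdout


if __name__ == "__main__":
    # Constructed inputs for the demo: one legitimate node, one carrying a harmless
    # command separator, one attempting traversal.
    for candidate in ("/dev/video0", "/dev/video0; echo x", "../../etc/passwd"):
        try:
            print("accepted:", build_v4l2_argv(candidate))
        except ValueError as exc:
            print("rejected:", exc)
    print("argv element received verbatim:",
          repr(echo_single_argument("/dev/video0; echo x")))
```

Validation and argv-style invocation are independent layers: the allowlist gives a clear error to the API caller and a log line worth alerting on, while the argument vector guarantees that a value which somehow bypasses validation still cannot reach a shell parser.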
### PoC
#### build
```sh
RUN_USER="user"
RUN_UID=$(id -u ${RUN_USER})
RUN_GID=$(id -g ${RUN_USER})
TIMESTAMP="$(date '+%Y%m%d-%H%M')"
docker build \
  --network host \
  --build-arg="RUN_UID=${RUN_UID?}" \
  --build-arg="RUN_GID=${RUN_GID?}" \
  -t "${USER?}/motioneye:${TIMESTAM
```
GHSA
motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
ghsa·2025-05-15
CVE-2025-47782 [HIGH] CWE-78 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution
OSV
CVE-2025-47782: motionEye is an online interface for the software motion, a video surveillance program with motion detection
osv·2025-05-14
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.