Vulnerability DatabaseCVE-2025-47782
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-47782
May 14, 2025
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the "add"/"add_camera" motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, "motion" by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.
Affected Packages
motioneye (PYTHON):
Affected version(s) >=0.43.1b1 <0.43.1b4
Fix Suggestion:
Update to version 0.43.1b4
Related ResourcesĀ (6)
https://github.com/motioneye-project/motioneye/pull/3143
https://nvd.nist.gov/vuln/detail/CVE-2025-47782
https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588
https://github.com/motioneye-project/motioneye/issues/3142
https://github.com/pypa/advisory-database/tree/main/vulns/motioneye/PYSEC-2025-39.yaml
https://github.com/motioneye-project/motioneye
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-78
EPSS
Base Score:
0.33