VYPR
High severityOSV Advisory· Published May 14, 2025· Updated Jun 17, 2026

CVE-2025-47782

CVE-2025-47782

Description

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the add/add_camera motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, motion by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
motioneyePyPI
>= 0.43.1b1, < 0.43.1b40.43.1b4

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.