CVE-2025-60787 in MotionEye
Summary
by MITRE • 10/03/2025
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Analysis
by VulDB Data Team • 02/12/2026
MotionEye 0.43.1b4 and earlier contains a critical operating system command injection vulnerability caused by improper input sanitization of configuration parameters. It specifically affects the image_file_name parameter and similar configuration fields whose user-supplied values are written directly to Motion configuration files without adequate validation or escaping. The flaw sits in MotionEye's configuration management: administrative users modify camera settings through the web interface, and the system persists those values to the underlying configuration files that Motion reads at runtime.
Exploitation occurs when an authenticated administrator sets configuration parameters that Motion later processes. When Motion restarts or reloads its configuration, it interprets the unsanitized input as command-line arguments or configuration directives, so injected commands execute with the privileges of the Motion process. This is a classic command injection flaw, categorized under CWE-77 and aligned with ATT&CK technique T1059.001 (Command and Scripting Interpreter). The vulnerability requires administrative access but does not require privileges beyond standard user authentication, which makes it particularly dangerous in environments where administrative accounts may be compromised or where privilege escalation is possible through other means.
The operational impact goes beyond simple code execution: an attacker with administrative privileges can fully compromise the system, executing arbitrary commands that lead to system takeover, data exfiltration or persistence. Systems are exposed whenever Motion configuration files are processed or Motion is restarted to apply configuration changes, which creates the window of opportunity for exploitation. Organizations using MotionEye for security camera monitoring face significant risk, since the flaw can be leveraged to gain unauthorized access to surveillance systems and to compromise the integrity and confidentiality of video feeds and associated metadata.
Mitigation should start with patching MotionEye to a version that sanitizes user input before writing it to configuration files, with particular attention to image_file_name and similar fields. Administrators should segment the network to limit access to the MotionEye administrative interface and consider additional authentication controls such as multi-factor authentication. The configuration management code should be reviewed so that every user-supplied input is validated and sanitized before it is persisted to system files. Organizations should also monitor for unusual configuration changes and automate detection and alerting on potential command injection attempts. Finally, the Motion process should run with the minimum privileges required for operation, so that any successful exploitation has the smallest possible impact.
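As an added example (not MotionEye's or Motion's own code), a validator of the kind the mitigation above calls for: it allowlists an image_file_name value before it is persisted as a Motion `picture_filename` directive, rejecting newlines (which could smuggle an extra directive into the key/value file), shell metacharacters and path traversal. The mapping of image_file_name to `picture_filename`, the allowlist and the `%X` specifier syntax are assumptions made for this example.

```python
import re

# Motion config files are plain "key value" lines, so a value that contains a
# newline could introduce a directive of its own, and values that reach shell
# commands must carry no metacharacters. The allowlist below is an assumption
# for this example: letters, digits, '_', '.', '-', '/' and '%X' time specifiers.
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9_./%\-]+")
_SPECIFIER = re.compile(r"%[A-Za-z]")
_KEY = re.compile(r"[a-z_]+")
MAX_LEN = 255


class UnsafeConfigValue(ValueError):
    """Raised when a user-supplied value must not be written to motion.conf."""


def validate_image_file_name(value: str) -> str:
    """Return value unchanged if it is safe to persist, else raise."""
    if not value or len(value) > MAX_LEN:
        raise UnsafeConfigValue("empty or too long")
    # fullmatch (not match) so a trailing newline can never slip past the regex
    if not _ALLOWED_CHARS.fullmatch(value):
        raise UnsafeConfigValue("character outside allowlist")
    # every '%' must begin a specifier such as %Y; a bare or doubled '%' fails
    if value.count("%") != len(_SPECIFIER.findall(value)):
        raise UnsafeConfigValue("malformed conversion specifier")
    if value.startswith("/") or ".." in value.split("/"):
        raise UnsafeConfigValue("absolute path or traversal")
    return value


def is_safe_image_file_name(value: str) -> bool:
    """Boolean form for callers that only need accept/reject."""
    try:
        validate_image_file_name(value)
        return True
    except UnsafeConfigValue:
        return False


def render_motion_directive(key: str, value: str) -> str:
    """Build one 'key value' line for a Motion config file, validating first.

    Assumes MotionEye's image_file_name maps to Motion's picture_filename key.
    """
    if not _KEY.fullmatch(key):
        raise UnsafeConfigValue("unexpected directive name")
    return f"{key} {validate_image_file_name(value)}\n"


if __name__ == "__main__":
    # constructed sample values: one legitimate template and several rejects
    for sample in ["%Y-%m-%d/%H-%M-%S-%q", "a;b", "pic\nother_key x", "../x", "pic%"]:
        print(repr(sample), "->", "accepted" if is_safe_image_file_name(sample) else "rejected")
```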