What is CVE-2025-60787?

CVE-2025-60787 is a vulnerability in N/a. Published 2025-10-03.

Is CVE-2025-60787 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin a…

EPSS: 0.579 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

gunzf0x/CVE-2025-60787
lil0xplorer/CVE-2025-60787_PoC
Rohitberiwala/CVE-2025-60787-MotionEye-RCE
Revnin/CCTV-MACHINE
agent-skywalker/CVE-2025-60787
d3vn0mi/CVE-2025-60787-POC
GarethMSheldon/CVE-2025-60787-Detection-motionEye-RCE-via-Config-Injection
rapid7/metasploit-framework
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub

References

motioneye-project.com
github.com/prabhatverma47/motionEye-RCE-through-config-parameter

Frequently asked questions

What is CVE-2025-60787?: CVE-2025-60787 is a vulnerability in N/a. Published 2025-10-03.
Is CVE-2025-60787 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.