What is CVE-2025-62382?

CVE-2025-62382 is a high-severity vulnerability in Blakeblackshear Frigate, classified under External Control of File Name or Path. CVSS score: 7.7/10. Published 2025-10-15.

How severe is CVE-2025-62382?

High severity. CVSS v3 base score is 7.7 out of 10.

Is CVE-2025-62382 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Blakeblackshear Frigate

CVE-2025-62382

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a vi…

EPSS: 0.000 (14.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Blakeblackshear Frigate — versions < 0.16.2

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-8gv4-5jr9-v96j (x_refsource_CONFIRM)
https://github.com/blakeblackshear/frigate/commit/d7f7cd7be16bfe7a12766b797da6b8add687ccd9 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-62382?: CVE-2025-62382 is a high-severity vulnerability in Blakeblackshear Frigate, classified under External Control of File Name or Path. CVSS score: 7.7/10. Published 2025-10-15.
How severe is CVE-2025-62382?: High severity. CVSS v3 base score is 7.7 out of 10.
Is CVE-2025-62382 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.