
CVE-2025-60787: n/a

High
Vulnerability, CVE-2025-60787, cve, cve-2025-60787
Published: Fri Oct 03 2025 (10/03/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.

AI-Powered Analysis

Last updated: 10/03/2025, 14:51:04 UTC

Technical Analysis

CVE-2025-60787 is a security vulnerability identified in MotionEye versions up to and including v0.43.1b4. MotionEye is a popular open-source web-based frontend for the Motion video surveillance software, commonly used for managing IP cameras and video streams. The vulnerability arises from improper sanitization of user input in configuration parameters, specifically the 'image_file_name' parameter. An authenticated attacker with administrative privileges can inject arbitrary OS commands through this parameter because the input is directly written into Motion configuration files without adequate validation or escaping. When the Motion service is restarted, these malicious commands embedded in the configuration file are executed by the operating system, leading to remote code execution (RCE). This vulnerability requires the attacker to have admin-level access to the MotionEye interface, which typically means the attacker must have already compromised credentials or gained access through other means. There are no known public exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The lack of a patch link suggests that a fix may not have been released or publicly disclosed at the time of this report. The vulnerability poses a significant risk because it allows full system compromise via command execution, potentially leading to data theft, system manipulation, or pivoting to other network assets. The attack vector is remote but limited to authenticated administrators, which somewhat reduces the attack surface but still represents a critical risk in environments where MotionEye is deployed and admin credentials are exposed or weakly protected.

Potential Impact

For European organizations using MotionEye for video surveillance and security monitoring, this vulnerability could have severe consequences. Successful exploitation would allow attackers to execute arbitrary commands on the host system, potentially leading to full system compromise. This could result in unauthorized access to sensitive surveillance footage, disruption of security monitoring capabilities, and the use of compromised systems as footholds for lateral movement within corporate or governmental networks. Given the increasing reliance on video surveillance for physical security in sectors such as critical infrastructure, transportation, retail, and public safety across Europe, the impact could extend beyond IT systems to physical security risks. Additionally, organizations subject to GDPR and other data protection regulations could face legal and financial repercussions if personal data captured by surveillance systems is exposed or manipulated. The requirement for admin authentication limits the risk to some extent, but insider threats or credential theft remain significant concerns. The absence of known exploits in the wild currently reduces immediate risk but does not preclude future exploitation, especially as threat actors often target such vulnerabilities once publicly disclosed.

Mitigation Recommendations

European organizations should take immediate steps to mitigate this vulnerability. First, restrict administrative access to the MotionEye interface by enforcing strong, unique passwords and implementing multi-factor authentication (MFA) where possible. Network segmentation should be applied to isolate MotionEye servers from broader corporate networks and limit exposure. Monitoring and logging of administrative actions within MotionEye should be enhanced to detect suspicious activity. Until an official patch is released, organizations can manually sanitize or validate configuration parameters before applying changes, avoiding the use of special characters or command injection vectors in 'image_file_name' and other configuration inputs. Consider disabling remote restart capabilities or automating restarts through controlled scripts that validate configuration files. Regularly update and audit user accounts to remove unnecessary admin privileges. Employ host-based intrusion detection systems (HIDS) to monitor for unusual command executions or file modifications related to MotionEye. Finally, maintain awareness of vendor advisories for patches and apply them promptly once available.
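One way to implement the pre-restart configuration check recommended above, as an added example (not MotionEye or Motion code): an allowlist audit of filename-template values in a Motion-style `key value` config file. The key names other than `image_file_name`, the allowed character set, and the sample config are assumptions made for illustration.

```python
import re

# Assumption: keys that hold filename templates. image_file_name is the parameter
# named in the advisory; the others are Motion options of the same kind.
FILENAME_KEYS = {"image_file_name", "picture_filename",
                 "movie_filename", "snapshot_filename"}

# Allowlist (assumption): letters, digits, %-style specifiers and path punctuation.
# Anything else (quotes, spaces, $, ;, |, &, backticks, parentheses) is rejected.
SAFE_VALUE = re.compile(r"[A-Za-z0-9%_./-]+")

def audit_config(text):
    """Return (line_no, key, value) for each filename value outside the allowlist."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        parts = line.split(None, 1)          # "key value" separated by whitespace
        if len(parts) < 2:
            continue
        key, value = parts[0], parts[1].strip()
        if key in FILENAME_KEYS and not SAFE_VALUE.fullmatch(value):
            findings.append((line_no, key, value))
    return findings

def safe_to_restart(text):
    """Gate for a controlled restart script: True only if the audit is clean."""
    return not audit_config(text)

# Constructed sample config, not taken from a real system.
SAMPLE = """\
# constructed sample
picture_filename %Y-%m-%d/%H-%M-%S
movie_filename %Y-%m-%d/%H-%M-%S
image_file_name lastsnap$(echo constructed)
text_left Front Door; Cam 1
"""

if __name__ == "__main__":
    for line_no, key, value in audit_config(SAMPLE):
        print(f"line {line_no}: {key} has disallowed characters: {value!r}")
    print("restart allowed:", safe_to_restart(SAMPLE))
```

Run it against each camera configuration file before the Motion service is restarted, and widen the allowlist only for characters a deployment's filename templates actually need.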


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68dfe1e808664d267fd061fc

Added to database: 10/3/2025, 2:47:04 PM

Last enriched: 10/3/2025, 2:51:04 PM

Last updated: 10/7/2025, 12:00:26 AM
