CVE-2025-62382: CWE-73: External Control of File Name or Path in blakeblackshear frigate
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the publicly served clips directory, the feature can be abused to read arbitrary files that reside on the host running Frigate. In practice, a low-privilege user with API access can pivot from viewing camera footage to exfiltrating sensitive configuration files, secrets, or user data from the appliance itself. This behavior violates the principle of least privilege for the export subsystem and turns a convenience feature into a direct information disclosure vector, with exploitation hinging on a short race window while the background exporter copies the chosen file into place before cleanup runs. This vulnerability is fixed in 0.16.2.
AI Analysis
Technical Summary
CVE-2025-62382 is an external control of file name or path vulnerability (CWE-73) in Frigate, network video recorder (NVR) software that performs real-time local object detection for IP cameras. In versions prior to 0.16.2, the export workflow lets an authenticated operator nominate any filesystem location as the thumbnail source for a video export. That user-supplied path is copied verbatim into the publicly served clips directory without validation or sanitization, so a low-privilege user with API access can have the export process copy an arbitrary host file into the public directory and retrieve it before cleanup removes it. Exploitation depends on a race: the copied file must be fetched during the short window between the background exporter writing it and cleanup running. This lets an adversary escalate from merely viewing camera footage to exfiltrating configuration files, secrets, or user data stored on the appliance, and it violates the principle of least privilege by letting the export subsystem read arbitrary paths. The CVSS 3.1 base score is 7.7 (high), reflecting a network attack vector, low attack complexity, and significant confidentiality impact with no effect on integrity or availability. The issue is resolved in Frigate 0.16.2. No exploits in the wild were known as of the publication date. Authentication is required but no user interaction beyond API access, which makes the flaw a serious concern wherever several users hold API privileges, and it underscores the need for strict input validation and access controls in software that exports sensitive data.
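The defect described above is an export handler that accepts a caller-supplied thumbnail path and copies it as-is into the served clips directory. The following added example is not Frigate's code: it contrasts a minimal vulnerable handler with a hardened one that canonicalises the path and refuses anything outside an allow-listed thumbnail directory. The directory names, function names and the constructed secrets file are assumptions.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed layout in a temp tree so the example runs offline; names are assumptions, not Frigate's paths.
ROOT = Path(tempfile.mkdtemp())
THUMB_DIR = ROOT / "clips" / "thumbs"     # assumed allow-listed thumbnail source dir
CLIPS_DIR = ROOT / "clips" / "exports"    # assumed publicly served export directory
SECRET = ROOT / "config" / "secrets.yml"  # constructed stand-in for a sensitive host file
for d in (THUMB_DIR, CLIPS_DIR, SECRET.parent):
    d.mkdir(parents=True, exist_ok=True)
SECRET.write_text("password: constructed-example\n")
(THUMB_DIR / "cam1.jpg").write_bytes(b"\xff\xd8constructed-jpeg")


def export_thumbnail_vulnerable(user_path: str, export_id: str) -> Path:
    """Vulnerable pattern (CWE-73): the caller-supplied path is copied verbatim."""
    dest = CLIPS_DIR / f"{export_id}.jpg"
    shutil.copy(user_path, dest)
    return dest


def resolve_within(user_path: str, allowed_root: Path) -> Path:
    """Canonicalise (following symlinks and '..') and require the result to stay under allowed_root."""
    root = allowed_root.resolve()
    # pathlib discards root when user_path is absolute, so the containment check below is essential.
    candidate = (root / user_path).resolve()
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise PermissionError(f"thumbnail path escapes {root}: {user_path!r}")
    if not candidate.is_file():
        raise FileNotFoundError(user_path)
    return candidate


def export_thumbnail_hardened(user_path: str, export_id: str) -> Path:
    """Hardened pattern: validate the source first; also restrict the destination file name."""
    src = resolve_within(user_path, THUMB_DIR)
    safe_id = "".join(c for c in export_id if c.isalnum() or c in "-_") or "export"
    dest = CLIPS_DIR / f"{safe_id}.jpg"
    shutil.copy(src, dest)
    return dest


def demo() -> dict:
    """Show the leak with the vulnerable handler and the rejection with the hardened one."""
    results = {"vuln_leaks": export_thumbnail_vulnerable(str(SECRET), "e1").read_text() == SECRET.read_text()}
    try:
        export_thumbnail_hardened(str(SECRET), "e2")
        results["hardened_blocks"] = False
    except PermissionError:
        results["hardened_blocks"] = True
    results["hardened_allows"] = export_thumbnail_hardened("cam1.jpg", "e3").is_file()
    return results
```

The same containment check applies to a traversal string such as `../../config/secrets.yml`, because `resolve()` collapses the `..` components before the comparison.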
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive data stored on Frigate NVR appliances. Many organizations in sectors such as critical infrastructure, transportation, retail, and public safety rely on IP camera systems for security monitoring. Exploitation could lead to unauthorized disclosure of configuration files, credentials, or personal data, potentially violating GDPR and other data protection regulations. The ability for a low-privilege user to escalate access and exfiltrate data increases insider threat risks and could facilitate further lateral movement within networks. The exposure of secrets and configuration data could also enable attackers to compromise other connected systems or disrupt surveillance operations. Given the widespread adoption of IP camera solutions in European enterprises and public institutions, the vulnerability could impact a broad range of organizations, especially those with less mature API access controls. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, as the vulnerability is straightforward to exploit once authenticated. Failure to patch could lead to regulatory penalties, reputational damage, and operational disruptions.
Mitigation Recommendations
European organizations should immediately upgrade all Frigate installations to version 0.16.2 or later to remediate this vulnerability. Until upgrades are completed, restrict API access strictly to trusted and authenticated users, employing strong authentication mechanisms and role-based access controls to minimize exposure. Monitor API usage logs for unusual export requests or attempts to specify suspicious file paths. Implement network segmentation to isolate NVR appliances from broader enterprise networks, limiting lateral movement opportunities. Employ host-based intrusion detection systems (HIDS) to detect anomalous file access or copying activities on the Frigate host. Review and harden file system permissions to ensure that the Frigate process cannot access sensitive files unnecessarily. Conduct regular audits of exported video clips directories to detect unauthorized files. Educate operators and administrators about the risks of arbitrary path specification and enforce policies prohibiting unsafe export practices. Finally, maintain up-to-date backups of configuration and user data to enable recovery in case of compromise.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-10T14:22:48.205Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68efd906d4cab3a28826793d
Added to database: 10/15/2025, 5:25:26 PM
Last enriched: 10/22/2025, 6:45:03 PM
Last updated: 12/4/2025, 10:00:25 PM