CVE-2025-60787

This repository contains a functional exploit for CVE-2025-60787, an authenticated RCE vulnerability in motionEye. The exploit supports both reverse shell and command execution payloads, leveraging motionEye's authentication mechanism and camera configuration manipulation.

This repository contains a functional exploit for CVE-2025-60787, an authenticated RCE vulnerability in MotionEye <= 0.43.1b4. The exploit bypasses client-side validation on the `image_file_name` field to inject a reverse shell payload.

This repository contains a functional Python exploit for CVE-2025-60787, targeting a command injection vulnerability in MotionEye (≤ 0.43.1b4). The exploit bypasses client-side validation to inject arbitrary commands via the 'picture_filename' parameter, achieving remote code execution upon service restart.

This repository contains a functional Python exploit for CVE-2025-60787, an authenticated RCE vulnerability in motionEye. The exploit supports both reverse shell and command execution modes, leveraging motionEye's authentication mechanism and camera configuration manipulation.

This repository provides a detailed technical analysis and detection guidance for CVE-2025-60787, an unauthenticated RCE vulnerability in motionEye <= 0.43.1b4. It includes MITRE ATT&CK mapping, detection rules (YARA, KQL), and IOCs for identifying exploitation attempts.

This repository provides a detailed technical analysis of CVE-2025-60787, an RCE vulnerability in MotionEye <= 0.43.1b4 due to client-side validation bypass. It includes root cause analysis, patch suggestions, and a step-by-step reproduction guide.

This exploit bypasses client-side validation in motionEye's web UI to inject shell commands into configuration values, leading to remote code execution when the motion service restarts. The PoC demonstrates creating a harmless file (/tmp/test) as proof of concept.

This Metasploit module exploits a template injection vulnerability in MotionEye Frontend (CVE-2025-60787) by leveraging unsanitized user input in configuration parameters to achieve remote code execution. It requires authentication and targets versions 0.43.1b4 and prior.