Share
## https://sploitus.com/exploit?id=4C675BA9-9AD2-57C9-9A26-E052FE64B469
# CVE-2025-60787: Motioneye Remote Code Execution (RCE)

![CVE](https://img.shields.io/badge/CVE-2025--60787-critical-red)
![CVSS](https://img.shields.io/badge/CVSS-7.2-orange)
![Python](https://img.shields.io/badge/Python-3.x-yellow)
![License](https://img.shields.io/badge/license-MIT-green)

Professional Proof-of-Concept (PoC) for CVE-2025-60787, a critical Remote Code Execution (RCE) vulnerability in MotionEye (versions โ‰ค 0.43.1b4).

## Technical Overview
The vulnerability arises from a client-side validation bypass in the configUiValid JavaScript function. While the UI validates filename fields, the server-side fails to properly sanitize these inputs before writing them to the camera-N.conf files. An attacker can inject arbitrary shell commands via the image_file_name parameter, leading to full system compromise upon service reload or restart.

## Installation
Follow these steps to set up the environment and the exploit tool:

```bash
# Clone the repository
git clone [https://github.com/Rohitberiwala/Motioneye-RCE-CVE-2025-60787](https://github.com/Rohitberiwala/Motioneye-RCE-CVE-2025-60787)
cd Motioneye-RCE-CVE-2025-60787

# Install required dependencies
pip install requests

## Usage
```bash
# Execute the exploit to create a marker file in /tmp
python3 exploit.py --target [TARGET_IP] --cmd "id > /tmp/hacked"