## https://sploitus.com/exploit?id=4C675BA9-9AD2-57C9-9A26-E052FE64B469
# CVE-2025-60787: Motioneye Remote Code Execution (RCE)




Professional Proof-of-Concept (PoC) for CVE-2025-60787, a critical Remote Code Execution (RCE) vulnerability in MotionEye (versions โค 0.43.1b4).
## Technical Overview
The vulnerability arises from a client-side validation bypass in the configUiValid JavaScript function. While the UI validates filename fields, the server-side fails to properly sanitize these inputs before writing them to the camera-N.conf files. An attacker can inject arbitrary shell commands via the image_file_name parameter, leading to full system compromise upon service reload or restart.
## Installation
Follow these steps to set up the environment and the exploit tool:
```bash
# Clone the repository
git clone [https://github.com/Rohitberiwala/Motioneye-RCE-CVE-2025-60787](https://github.com/Rohitberiwala/Motioneye-RCE-CVE-2025-60787)
cd Motioneye-RCE-CVE-2025-60787
# Install required dependencies
pip install requests
## Usage
```bash
# Execute the exploit to create a marker file in /tmp
python3 exploit.py --target [TARGET_IP] --cmd "id > /tmp/hacked"