Information Disclosure Vulnerability in Frigate Network Video Recorder by Blake Blackshear
CVE-2025-62382

7.7HIGH

Key Information:

Vendor: Blakeblackshear
Status: Frigate
Vendor: CVE Published:; 15 October 2025

🔔 Create Blakeblackshear Vulnerability Alert

What is CVE-2025-62382?

Frigate, a network video recorder with real-time local object detection capabilities, has a vulnerability that allows authenticated operators to exploit its export workflow. Specifically, prior to version 0.16.2, an operator could designate any filesystem location as the source for video thumbnails, breaching the security of the system. This flaw permits low-privilege users with API access to potentially exfiltrate sensitive files, such as configuration files and secrets, from the host. The exploit relies on a narrow timing window where the file is copied to a publicly accessible directory before the cleanup process. This flaw can lead to unauthorized access to sensitive data, compromising the overall security of the Frigate system.

Affected Version(s)

frigate < 0.16.2

References

https://github.com/blakeblackshear/frigate/security/advis...

x_refsource_CONFIRM

https://github.com/blakeblackshear/frigate/commit/d7f7cd7...

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Oct 10, 2025

JSON