VDB

CVE-2025-4008

CVE-2025-4008 PUBLISHED KEV CVSS 8.699999809265137 HIGH

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

EPSS 43.92% · 97.6th percentile

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
43.92%
97.6th percentile

Affected Products

VendorProductVersions
SmartbeddedMeteoBridge0
smartbeddedmeteobridge_firmware0
smartbeddedmeteobridge_vm0

Exploit Intelligence

…and 60 more exploits

Timeline

  • Dec 11, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Dec 19, 2022 CrowdSec Sighting
  • Mar 9, 2023 CrowdSec Sighting
  • Apr 5, 2023 CrowdSec Sighting
  • Mar 9, 2025 CrowdSec Sighting
  • May 21, 2025 CVE Published
  • May 21, 2025 PoC Published
  • May 21, 2025 PoC Published
  • May 22, 2025 EPSS Score
  • May 27, 2025 PoC Published
  • May 27, 2025 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›