CVE-2025-4008 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-4008 PUBLISHED KEV CVSS 8.699999809265137 HIGH

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

EPSS 45.87% · 97.6th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

45.87%

97.6th percentile

Affected Products

Vendor	Product	Versions
Smartbedded	MeteoBridge	0
smartbedded	meteobridge_firmware	0
smartbedded	meteobridge_vm	0

Timeline

May 21, 2025 CVE Published
May 21, 2025 PoC Published
May 21, 2025 PoC Published
May 22, 2025 EPSS Score
May 27, 2025 PoC Published
May 27, 2025 PoC Published
May 27, 2025 PoC Published
May 28, 2025 PoC Published
May 29, 2025 PoC Published
May 31, 2025 PoC Published
Jun 2, 2025 EPSS Score
Jun 12, 2025 EPSS Score

References

https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 third-party-advisory
https://forum.meteohub.de/viewtopic.php?t=18687 vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4008 url
https://nvd.nist.gov/vuln/detail/CVE-2025-4008 advisory

Open in Interactive Console →