Vulnerability Description
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartbedded | Meteobridge Vm | < 6.2 |
| Smartbedded | Meteobridge Firmware | < 6.2 |
Related Weaknesses (CWE)
References
- https://forum.meteohub.de/viewtopic.php?t=18687 (Vendor Advisory)
- https://www.onekey.com/resource/security-advisory-remote-command-execution-on-sm (Exploit, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025- (US Government Resource)
FAQ
What is CVE-2025-4008?
CVE-2025-4008 is a vulnerability with a CVSS score of 8.8 (HIGH). The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts ...
How severe is CVE-2025-4008?
CVE-2025-4008 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4008?
Check the references section above for vendor advisories and patch information. Affected products include: Smartbedded Meteobridge Vm, Smartbedded Meteobridge Firmware.