Vulnerability Details CVE-2025-4008
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.
This web interface exposes an endpoint that is vulnerable to command injection.
Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.474
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 8.8
Proposed Action
Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-4008
-
cpe:2.3:a:smartbedded:meteobridge_vm:2.8
-
cpe:2.3:a:smartbedded:meteobridge_vm:2.9
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.0
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.1
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.2
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.3
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.4
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.5
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.6
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.7
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.8
-
cpe:2.3:a:smartbedded:meteobridge_vm:3.9
-
cpe:2.3:a:smartbedded:meteobridge_vm:4.0
-
cpe:2.3:a:smartbedded:meteobridge_vm:4.1
-
cpe:2.3:a:smartbedded:meteobridge_vm:4.2
-
cpe:2.3:a:smartbedded:meteobridge_vm:4.3
-
cpe:2.3:a:smartbedded:meteobridge_vm:4.4
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.0
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.1
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.2
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.3
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.4
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.5
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.6
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.7
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.8
-
cpe:2.3:a:smartbedded:meteobridge_vm:5.9
-
cpe:2.3:a:smartbedded:meteobridge_vm:6.0
-
cpe:2.3:a:smartbedded:meteobridge_vm:6.1
-
cpe:2.3:o:smartbedded:meteobridge_firmware:2.8
-
cpe:2.3:o:smartbedded:meteobridge_firmware:2.9
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.0
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.1
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.2
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.3
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.4
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.5
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.6
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.7
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.8
-
cpe:2.3:o:smartbedded:meteobridge_firmware:3.9
-
cpe:2.3:o:smartbedded:meteobridge_firmware:4.0
-
cpe:2.3:o:smartbedded:meteobridge_firmware:4.1
-
cpe:2.3:o:smartbedded:meteobridge_firmware:4.2
-
cpe:2.3:o:smartbedded:meteobridge_firmware:4.3
-
cpe:2.3:o:smartbedded:meteobridge_firmware:4.4
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.0
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.1
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.2
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.3
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.4
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.5
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.6
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.7
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.8
-
cpe:2.3:o:smartbedded:meteobridge_firmware:5.9
-
cpe:2.3:o:smartbedded:meteobridge_firmware:6.0
-
cpe:2.3:o:smartbedded:meteobridge_firmware:6.1