CVE-2025-4008

UNKNOWN 0.0

⚠️ CISA KEV

Arbitrary Command Injection in Smartbedded MeteoBridge

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

CWE	CWE-77 CWE-306
Vendor	smartbedded
Product	meteobridge
Published	May 21, 2025
Last Updated	Feb 26, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for smartbedded meteobridge

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-4008.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Smartbedded / MeteoBridge

0 ≤ 6.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

onekey.com: https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 forum.meteohub.de: https://forum.meteohub.de/viewtopic.php?t=18687 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4008

Credits

ONEKEY Research Labs