Description

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

INFO

Published Date :

2025-05-21T15:31:23.118Z

Last Modified :

2026-02-26T18:28:04.093Z

Source :

ONEKEY
AFFECTED PRODUCTS

The following products are affected by CVE-2025-4008 vulnerability.

Vendors Products
Smartbedded
  • Meteobridge Firmware
  • Meteobridge Vm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4008.

URL Resource
https://forum.meteohub.de/viewtopic.php?t=18687 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4008 cve-icon cve-icon
https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact