CVE-2025-4008
Published: 21 May 2025
Summary
CVE-2025-4008 is a high-severity Command Injection (CWE-77) vulnerability in Smartbedded Meteobridge Vm. Its CVSS base score is 8.7 (High).
Operationally, it ranks in the top 2.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-10 (Information Input Validation).
Deeper analysis
The Meteobridge web interface, implemented in CGI shell scripts and C, contains a command injection vulnerability in an exposed endpoint. This flaw affects the device's administrative web application used to manage weather station data collection and system administration, and is tracked under CWE-77 and CWE-306.
Remote unauthenticated attackers on an adjacent network can exploit the endpoint to execute arbitrary commands with root privileges on affected Meteobridge devices, resulting in full system compromise.
Public references indicate the issue is cataloged in CISA's Known Exploited Vulnerabilities list, and vendor and researcher advisories are available via the Meteohub forum and Onekey security advisory. The associated EPSS score reached a peak of 0.5100 on 2025-12-11 before receding to the current value of 0.4392.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16032
Vulnerability details
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
- CWE(s)
- KEV Date Added: 02 October 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- Requires identification and authentication before allowing access to the web interface endpoint, directly blocking the unauthenticated command injection path.
- Validates all input to the CGI endpoint, preventing the command injection that enables arbitrary root execution.
- Enforces access control decisions on the exposed management functions so that only authorized subjects may invoke them.