Cyber Resilience

CVE-2025-4008

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 21 May 2025
Modified: 27 October 2025
KEV Added: 02 October 2025

CVSS v4.0 base score: 8.7 (High)
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
EPSS score: 0.4392 (97.6th percentile)
Risk priority: 64 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-4008 is a high-severity command injection (CWE-77) vulnerability in Smartbedded Meteobridge, affecting both the Meteobridge VM and the Meteobridge firmware builds up to and including version 6.2. Its CVSS v4.0 base score is 8.7 (High).

Operationally, it ranks in the top 2.4% of CVEs by exploit likelihood (EPSS 97.6th percentile); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-10 (Information Input Validation).

Deeper analysis

The Meteobridge web interface, implemented in CGI shell scripts and C, exposes an endpoint with a command injection flaw. The endpoint belongs to the device's administrative web application, which is used to manage weather-station data collection and system administration. The issue is tracked under CWE-77 (command injection) and CWE-306 (missing authentication for a critical function): the injectable endpoint is reachable without logging in.

Because the endpoint requires no authentication, a remote attacker on an adjacent network (CVSS AV:A) can invoke it to execute arbitrary commands as root on affected Meteobridge devices, resulting in full system compromise.

Public references confirm that the issue is cataloged in CISA's Known Exploited Vulnerabilities list, and vendor and researcher advisories are available via the Meteohub forum and the Onekey security advisory. The associated EPSS score peaked at 0.5100 on 2025-12-11 before receding to the current value of 0.4392.


Vulnerability details

The Meteobridge web interface lets Meteobridge administrators manage their weather-station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.

CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command, 'Command Injection'), CWE-306 (Missing Authentication for Critical Function)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Smartbedded Meteobridge VM, versions ≤ 6.2
Smartbedded Meteobridge firmware, versions ≤ 6.2

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

IA-2 Identification and Authentication (Organizational Users) [prevent]
Requires identification and authentication before allowing access to the web interface endpoint, directly blocking the unauthenticated command injection path.

SI-10 Information Input Validation [prevent]
Validates all input to the CGI endpoint, preventing the command injection that enables arbitrary root execution.

Access enforcement [prevent]
Enforces access control decisions on the exposed management functions so that only authorized subjects may invoke them.
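The shell CGI handler below is an added example, not Meteobridge code, illustrating the injectable pattern described under Deeper analysis and the three controls listed above side by side. The endpoint logic, the `station` parameter, the `backend` function that stands in for the binary the real endpoint drives, and the `admin` role are all assumptions; the actual script and query format are not published on this page. Values are shown already percent-decoded.

```shell
#!/bin/sh
# Added illustration (not Meteobridge code): a CGI handler of the shape the
# advisory describes, once as the injectable pattern (CWE-77, reachable without
# login: CWE-306) and once with the three controls applied: authentication
# (IA-2), input validation (SI-10) and access enforcement. Endpoint, parameter
# and backend names are hypothetical.

# get_param NAME QUERY: print the value of NAME from an a=b&c=d query string,
# or an empty line if absent. Pure POSIX, no forks; values assumed decoded.
get_param() {
  rest=$2
  while [ -n "$rest" ]; do
    pair=${rest%%"&"*}
    case $rest in *"&"*) rest=${rest#*"&"} ;; *) rest='' ;; esac
    case $pair in "$1="*) printf '%s\n' "${pair#*=}"; return 0 ;; esac
  done
  printf '\n'
}

# backend STATION: stands in for whatever binary the real endpoint invokes.
backend() { printf 'station=%s\n' "$1"; }

# Injectable: the raw parameter is spliced into a command line that a shell
# re-parses, so ';', '|', '$(...)' and friends in the value become new
# commands, running as the CGI user (root on the affected devices).
# No authentication check precedes it.
vuln_handler() {
  station=$(get_param station "$QUERY_STRING")
  eval "backend $station"
}

# Hardened. Return codes: 1 unauthenticated, 2 unauthorized, 3 bad input.
safe_handler() {
  # IA-2: the web server sets REMOTE_USER only after HTTP authentication.
  [ -n "$REMOTE_USER" ] || { printf 'Status: 401\n'; return 1; }
  # Access enforcement: this management function is admin-only.
  case $REMOTE_USER in admin) ;; *) printf 'Status: 403\n'; return 2 ;; esac
  # SI-10: allowlist the value's alphabet; reject empty and anything else.
  station=$(get_param station "$QUERY_STRING")
  case $station in
    ''|*[!A-Za-z0-9_-]*) printf 'Status: 400\n'; return 3 ;;
  esac
  # Pass the value as one quoted argument; it is never re-parsed by a shell.
  backend "$station"
}

# Constructed requests: no network, no device.
QUERY_STRING='station=x;echo INJECTED'
printf '[vulnerable, no login]\n'; vuln_handler
printf '[hardened, no login]\n'; REMOTE_USER=''; safe_handler || true
printf '[hardened, admin, hostile value]\n'; REMOTE_USER=admin; safe_handler || true
printf '[hardened, admin, clean value]\n'; QUERY_STRING='station=WS-2'; safe_handler
```

The order of the checks matters: authentication and authorization run before the parameter is even read, so an unauthenticated caller never reaches the parsing code, and the allowlist is applied to the decoded value rather than to the raw query string. Quoting alone (`backend "$station"` without validation) would already stop the shell re-parse, but the allowlist also keeps unexpected bytes away from the backend binary itself.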
