🟡 CVE-2025-4008

A remote command injection vulnerability in Smartbedded MeteoBridge weather station management systems allows unauthenticated attackers to execute arbitrary commands with root privileges. Although the CVSS attack vector is rated ADJACENT, many MeteoBridge systems are deployed as internet-facing weather monitoring stations.

Risk Level: MEDIUM_RISK

CVSS Score: 8.7

Attack Vector: ADJACENT

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: MEDIUM

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-05-21

Added to CISA KEV: 2025-10-02 (134 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-4008 is a critical command injection vulnerability affecting the Smartbedded Meteobridge web interface [1].

Below is a summary of the known details regarding this vulnerability:

Vulnerability Overview
  • Description: The Meteobridge web interface, which is used by administrators to manage weather station data and system settings, contains an endpoint vulnerable to command injection [1]. The application is written using a combination of CGI shell scripts and C code [4].
  • Impact: Successful exploitation allows remote, unauthenticated attackers to execute arbitrary commands on the affected device with elevated (root) privileges [1].

Exploitation and Threat Landscape
  • Active Exploitation: CVE-2025-4008 is included in the CISA Known Exploited Vulnerabilities (KEV) Catalog, confirming that it has been actively exploited in the wild [3] [2].
  • Attack Method: This is a remote, unauthenticated attack. It does not require user interaction, as it targets a web interface endpoint directly [1].
  • Proof-of-Concept: Security researchers (specifically the ONEKEY Research Lab) have published details and a proof-of-concept for this vulnerability [1].

Status and Mitigation
  • Affected Versions/Patch Status: While the vulnerability was disclosed in May 2025, specific version numbers affected and the availability of patches should be verified directly through the vendor's official security advisories or support channels. Users of Smartbedded Meteobridge devices are strongly encouraged to check for and apply any available firmware updates immediately, given its status as a known exploited vulnerability [2].

Sources

  1. Security Advisory: Remote Command Execution on Smartbedded ...

    Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Smartbedded MeteoBridge. Learn about the risks and ... You'll find details about this vulnerability below, including an authentication "bypass" and proof-of-concept. The Meteobridge web interface let meteobridge adm…

  2. CISA Adds Five Known Exploited Vulnerabilities to Catalog

    CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability; CVE-2025-21043 Samsung Mobile Devices Out-of-Bounds Write Vulnerability.

  3. CVE-2025-4008 : The Meteobridge web interface let meteobridge ...

    CVE-2025-4008 is in the CISA Known Exploited Vulnerabilities Catalog CISA vulnerability name: Smartbedded Meteobridge Command Injection Vulnerability CISA required action: ... Vulnerability Details : CVE-2025-4008. The Meteobridge web interface let meteobridge administrator manage their weather stat…

  4. NVD - cve-2025-4008

    National Vulnerability Database. Vulnerabilities. CVE-2025-4008 Detail. Description. The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web…