CVE-2025-4008
📊 8.7 HIGH⚡ 44.1%🎯 0 exploits🏛️ KEV Listed
📅 Published May 21, 2025
📋 Status: Analyzed
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
2 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | smartbedded | meteobridge vm | < 6.2 | Vulnerable | cpe:2.3:a:smartbedded:meteobridge_vm:*:*:*:*:*:*:*:* |
💻OS | smartbedded | meteobridge firmware | < 6.2 | Vulnerable | cpe:2.3:o:smartbedded:meteobridge_firmware:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: < 6.2
CPE:
cpe:2.3:a:smartbedded:meteobridge_vm:*:*:*:*:*:*:*:*
💻
VulnerableOperating System
Version: < 6.2
CPE:
cpe:2.3:o:smartbedded:meteobridge_firmware:*:*:*:*:*:*:*:*
Metrics
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
8.7 (HIGH)v4.0
Source: [email protected]
EPSS Details
44.1% (Medium)97.4th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
May 21, 2025 (5 months ago)
Last Modified
Oct 27, 2025 (5 days ago)
Security Weaknesses2
CWE-77CWE-306
References3
NVDadvisorygeneral