PT-2025-22369 · Unknown · Meteobridge
Quentin Kaiser · Published 2025-02-25 · Updated 2025-10-24 · CVE-2025-4008
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Smartbedded Meteobridge versions prior to 6.2
Description
The Meteobridge web interface is susceptible to a command injection flaw. This allows remote, unauthenticated attackers to execute arbitrary commands with elevated privileges (root) on affected devices. The vulnerability resides in the web interface and specifically impacts the handling of input in the /public/template.cgi endpoint. Approximately 100 devices are reportedly exposed to the internet. CISA has flagged this vulnerability (CVE-2025-4008) as actively exploited in the wild. The vulnerability stems from insecure CGI script handling.
Recommendations
Update to version 6.2 or later.
Exploit
Fix
RCE
Missing Authentication
Command Injection
Affected products
Meteobridge