PT-2025-22369 · Unknown · Meteobridge

Quentin Kaiser · Published 2025-02-25 · Updated 2025-10-24 · CVE-2025-4008

CVSS v3.1: 8.8
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Smartbedded Meteobridge versions prior to 6.2

Description
The Meteobridge web interface is susceptible to a command injection flaw. This allows remote, unauthenticated attackers to execute arbitrary commands with elevated privileges (root) on affected devices. The vulnerability resides in the web interface and specifically impacts the handling of input in the /public/template.cgi endpoint. Approximately 100 devices are reportedly exposed to the internet. CISA has flagged this vulnerability (CVE-2025-4008) as actively exploited in the wild. The vulnerability stems from insecure CGI script handling.

Recommendations
Update to version 6.2 or later.

Exploit

Fix

RCE

Missing Authentication

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06319
CVE-2025-4008

Affected Products

Meteobridge