- Description
- The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
- Source
- research@onekey.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- research@onekey.com
- CWE-77
- Hype score
- Not currently trending
🚨 CVE-2025-4008 - high 🚨 MeteoBridge <= 6.1 - Remote Code Execution > The Meteobridge web interface let meteobridge administrator manage their weather stat... 👾 https://t.co/6O0gds0OtE @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
5 Jun 2025
Actively exploited CVE : CVE-2025-4008
@transilienceai
1 Jun 2025
A critical command injection flaw in MeteoBridge firmware (CVE-2025-4008) allows remote code execution via insecure CGI scripts. The issue was fixed with firmware v6.2 after responsible disclosure. ⚠️ #IoT #Security #USA https://t.co/gt0q1IR58f
@TweetThreatNews
27 May 2025
These were the popular articles for 2025-05-26. (Automated tweet) #Hacker_Trends ――― Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008) | ONEKEY Research | Research | ONEKEY https://t.co/rPswoF51aC https://t.co/bAC3CdiotM
@motikan2010
27 May 2025
Unauthenticated RCE on Smartbedded MeteoBridge (CVE-2025-4008) https://t.co/XiUjqlzCy0 https://t.co/73aliUWWqm
@secharvesterx
26 May 2025
[CVE-2025-4008: CRITICAL] Warning: Meteobridge web interface is vulnerable to command injection, allowing attackers to gain root access remotely. Secure your system now! #cybersecurity #cve, CVE-2025-4008, #cybersecurity https://t.co/oBf3JHqw9F https://t.co/GfnOTQ48Pf
@CveFindCom
21 May 2025