Unrated severityCISA KEVNVD Advisory· Published May 21, 2025· Updated Feb 26, 2026

Arbitrary Command Injection in Smartbedded MeteoBridge

CVE-2025-4008

Description

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.

This web interface exposes an endpoint that is vulnerable to command injection.

Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

Affected products

Smartbedded/Meteobridgev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.meteohub.de/viewtopic.phpmitrevendor-advisory
www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008mitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.035
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000