CVE-2025-4008

HIGHCISA KEV

8.8

Beschreibung

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorADJACENT_NETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/21/2025

Zuletzt geandert10/27/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerSmartbedded

ProduktMeteobridge

SchwachstellennameSmartbedded Meteobridge Command Injection Vulnerability

KEV Aufnahmedatum2025-10-02

Behebungsfrist2025-10-23

Ransomware-NutzungUnknown

Betroffene Produkte

smartbedded:meteobridge_firmwaresmartbedded:meteobridge_vm

Schwachen (CWE)

CWE-77CWE-306

Referenzen

https://forum.meteohub.de/viewtopic.php?t=18687(research@onekey.com)

https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008(research@onekey.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4008(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.