CVE-2025-4008 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web a…
High KEV CVSS: 8.7

CVE-2025-4008

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.

This web interface exposes an endpoint that is vulnerable to command injection.

Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Vendor
Smartbedded
Product
Meteobridge Vm
CWE
CWE-77
Yayın Tarihi
2025-05-21 16:15:33
Güncelleme
2025-10-27 17:02:18
Source Identifier
research@onekey.com
KEV Date Added
2025-10-02

Kategoriler

CWE-77 Meteobridge Vm HIGH Smartbedded 2025

Referanslar

https://forum.meteohub.de/viewtopic.php?t=18687 https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4008