CVE-2025-4008
HIGH KEV NUCLEIMeteobridge VM and Firmware < 6.2 - Unauthenticated Remote Command Execution
Title source: llmExploitation Summary
CVE-2025-4008 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 2, 2025. A Nuclei detection template is also available.
Description
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Nuclei Templates (1)
MeteoBridge <= 6.1 - Remote Code Execution
HIGHVERIFIEDby iamnoooob,pdresearch
Shodan:
meteobridge
FOFA:
Meteobridge
References (3)
Core 3
Core References
Exploit, Third Party Advisory third-party-advisory
https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
Vendor Advisory vendor-advisory
https://forum.meteohub.de/viewtopic.php?t=18687
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-4008
Scores
CVSS v3
8.8
EPSS
0.4392
EPSS Percentile
97.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2025-10-02
VulnCheck KEV
2025-10-02
ENISA EUVD
EUVD-2025-16032
CWE
CWE-306
CWE-77
Status
published
Products (2)
smartbedded/meteobridge_firmware
< 6.2
smartbedded/meteobridge_vm
< 6.2
Published
May 21, 2025
KEV Added
Oct 02, 2025
Tracked Since
Feb 18, 2026