216.73.216.233

CVE-2025-4008

· Published 02/10/2025 02:00 · Modified 21/12/2025 18:21 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2025-4008 2025-05-21CVE-2025-4008CWE-77[email protected]

Essential information

Published
02/10/2025 02:00
Modified
21/12/2025 18:21
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CVSS
8.8 HIGH (v3.1) 9.4 CRITICAL (v4.0)
CISA KEV
Yes
CWE
CVSS vector
CVSS:3.1/AV:A/C:H/I:H/A:H

CVSS metrics

Description

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
onekey / meteobridge cpe:2.3:a:onekey:meteobridge:*:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (2)