A high-severity vulnerability in Smartbedded's Meteobridge, tracked as CVE-2025-4008, is being actively exploited in the wild, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog on October 2, 2025. This flaw, with a CVSS score of 8.8, allows remote attackers to execute arbitrary commands on the affected systems due to improper input validation in the web interface's CGI shell scripts.
The vulnerability, identified as a command injection issue, affects the Meteobridge web interface, which is used by administrators to manage weather station data. The flaw stems from CWE-77 and CWE-306, indicating both command injection and improper authentication handling. Exploitation of this vulnerability can lead to unauthorized control over the device, potentially compromising the integrity of weather data and the security of the network it resides on.
CVE-2025-4008 was initially disclosed on May 21, 2025, and has since been exploited within 133 days of its disclosure, highlighting the urgency for mitigation. The Exploit Prediction Scoring System (EPSS) assigns it a score of 0.439, reflecting a moderate likelihood of exploitation, yet the active exploitation status underscores the immediate threat it poses.
Administrators using Meteobridge are urged to apply available patches or implement recommended mitigations to protect their systems. The SSVC (Stakeholder-Specific Vulnerability Categorization) advises immediate attention to this vulnerability. Organizations should verify their Meteobridge installations and ensure that any exposed endpoints are secured against unauthorized access.
CSURFACE