CVE-2025-4008
HIGHCVSS v3
8.8
HIGH
EPSS Score
43.9%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 5/21/2025
- Last Modified
- 10/27/2025
Frequently Asked Questions
What is CVE-2025-4008?
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Is CVE-2025-4008 actively exploited?
Active exploitation of CVE-2025-4008 has not been confirmed. The EPSS score is 43.9%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-4008?
CVE-2025-4008 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string 3.1.
Is CVE-2025-4008 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.