Article Details
Scrape Timestamp (UTC): 2025-10-03 08:26:09.478
Source: https://thehackernews.com/2025/10/cisa-flags-meteobridge-cve-2025-4008.html
Original Article Text
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution.

"Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices," CISA said.

According to ONEKEY, which discovered and reported the issue in late February 2025, the Meteobridge web interface lets an administrator manage their weather station data collection and control the system through a web application written in CGI shell scripts and C.

Specifically, the web interface exposes a "template.cgi" script through "/cgi-bin/template.cgi," which is vulnerable to command injection stemming from the insecure use of eval calls, allowing an attacker to supply specially crafted requests to execute arbitrary code.

Furthermore, ONEKEY said the vulnerability can be exploited by unauthenticated attackers because the CGI script is hosted in a public directory without requiring any authentication.

"Remote exploitation through a malicious webpage is also possible since it's a GET request without any kind of custom header or token parameter," security researcher Quentin Kaiser noted back in May. "Just send a link to your victim and create img tags with the src set to 'https://subnet.a/public/template.cgi?templatefile=$(command).'"

There are currently no public reports referencing how CVE-2025-4008 is being exploited in the wild. The vulnerability was addressed in Meteobridge version 6.2, released on May 13, 2025.
Also added by CISA to the KEV catalog are four other flaws.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by October 23, 2025, for optimal protection.
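For defenders reviewing exposure before patching, the following added example (not from the article, ONEKEY, or Smartbedded) flags requests to "template.cgi" whose "templatefile" parameter carries shell metacharacters, in raw or percent-encoded form. It assumes access logs in combined log format from a proxy in front of the device; the function name, the metacharacter set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that have no place in a template file name but drive shell
# command substitution or chaining when a value reaches eval.
# (Assumed set, chosen for this example.)
SHELL_META = re.compile(r"[$`;|&<>(){}\\\n\r]")
# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def suspicious_template_requests(log_lines):
    """Return (client, decoded templatefile value) for each flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # The article names both /cgi-bin/ and /public/ paths, so match on
        # the script name rather than one directory.
        if not url.path.endswith("/template.cgi"):
            continue
        # parse_qsl percent-decodes, so encoded metacharacters are caught too.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "templatefile" and SHELL_META.search(value):
                hits.append((line.split()[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2025:08:00:01 +0000] '
    '"GET /cgi-bin/template.cgi?templatefile=example.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Oct/2025:08:00:05 +0000] '
    '"GET /public/template.cgi?templatefile=$(command) HTTP/1.1" 200 0',
    '203.0.113.9 - - [03/Oct/2025:08:00:09 +0000] '
    '"GET /public/template.cgi?templatefile=%24%28command%29 HTTP/1.1" 200 0',
    '192.0.2.10 - - [03/Oct/2025:08:00:12 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, value in suspicious_template_requests(SAMPLE_LOG):
        print(f"{client} templatefile={value!r}")
```

A hit shows that a request of this shape reached the device or proxy, not that a command ran; the durable fix remains the update to version 6.2.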
Daily Brief Summary
CISA has added the Meteobridge CVE-2025-4008 vulnerability to its Known Exploited Vulnerabilities catalog, indicating active exploitation of this high-severity flaw.
The vulnerability, with a CVSS score of 8.7, involves command injection in the Meteobridge web interface, potentially allowing remote code execution with root privileges.
Discovered by ONEKEY, the flaw affects the web application that manages weather station data and stems from insecure eval calls in the CGI script "template.cgi".
Attackers can exploit the vulnerability without authentication, using specially crafted GET requests, making it possible to execute arbitrary code remotely.
Meteobridge addressed the issue in version 6.2, released in May 2025; however, active exploitation necessitates immediate patching.
Federal Civilian Executive Branch agencies must apply updates by October 23, 2025, to mitigate risks associated with this vulnerability.
The inclusion of this flaw in the KEV catalog underscores the critical need for timely patch management to protect against emerging threats.