CVE-2025-4008

Severity CVSS v4.0:
HIGH
Type:
CWE-77 Command Injection
Publication date:
21/05/2025
Last modified:
23/05/2025

Description

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.<br /> <br /> This web interface exposes an endpoint that is vulnerable to command injection.<br /> <br /> Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.