CVE-2025-4008 – Rbcafe

Skip to content

Blog
Contact Rbcafe
Security
- Archives CVE
- CVE
- Swag
Software
- Cryptext
- Hash
- Host3r
- Inventory Pro
- Outguess
- Review Sherlock
- Time Up
- Tracking
- Voice
- Worktime
- Yang
- Zen
Support
- Documentation
- Privacy Policy

Rbcafe

Blog
Contact Rbcafe
Security
- Archives CVE
- CVE
- Swag
Software
- Cryptext
- Hash
- Host3r
- Inventory Pro
- Outguess
- Review Sherlock
- Time Up
- Tracking
- Voice
- Worktime
- Yang
- Zen
Support
- Documentation
- Privacy Policy

Rbcafe

CVE : CVE-2025-4008

ID: CVE-2025-4008
Status: PUBLISHED
Source: ONEKEY
JSON: MITRE

Temporalité

Publié: 2025-05-21
Dernière modification: 2025-10-02

CVSS

Score: 8.7 (High)
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0

Carte CIA (CVSS) Score 10 [ C : 10 ] [ I : 10 ] [ A : 10 ]

CWE

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CWE-306 Missing Authentication for Critical Function (CWE-306)

Description

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.

This web interface exposes an endpoint that is vulnerable to command injection.

Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.