Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges.
October 3, 2025 By Ionut Arghire
The US cybersecurity agency CISA on Thursday warned that a Meteobridge vulnerability patched in May has been exploited in attacks and added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.
Meteobridge is a device that allows administrators to connect their weather stations to public weather networks. Station data collection and system management functionality is provided through the Meteobridge web interface.
While Meteobridge should not be exposed to the internet, there are roughly 100 devices that are accessible from the public web, Shodan historical data shows. This misconfiguration exposes vulnerable devices to potential attacks.
Tracked as CVE-2025-4008 (CVSS score of 8.7), the Meteobridge bug now flagged as exploited was identified in a web interface endpoint (a CGI shell script) that is prone to command injection.
