← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-4008 — Actively Exploited: Meteobridge (Smartbedded)

Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.

CVE IDCVE-2025-4008
VendorSmartbedded
ProductMeteobridge
Vulnerability nameSmartbedded Meteobridge Command Injection Vulnerability
Date added2025-10-02
Remediation due2025-10-23
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionSmartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →