CVE-2025-4008 — Smartbedded Meteobridge

Smartbedded Meteobridge Command Injection Vulnerability

Added to KEV

2025-10-02

Federal due date

2025-10-23

Vendor

Smartbedded

Product

Meteobridge

EPSS

97.6th percentile (score 0.439, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2025-4008

CISA short description

Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.