CISA reportd active exploitation of Meteobridge command injection flaw
Take action: Now it's urgent because these devices are being attacked. If you use a MeteoBridge device, make sure it's not directly accessible from the internet and isolate it from the rest of the networks. Then upgrade to firmware version 6.2 or later.
Learn More
CISA has issued an advisory about active exploitation of a vulnerability in Smartbedded Meteobridge devices.
Meteobridge, developed by Smartbedded, is a specialized device platform that connects personal weather stations to public weather networks like Weather Underground. The system allows users to share microclimate data over the internet and is deployed in both consumer and industrial settings, including agriculture and meteorology sectors.
The vulnerability is tracked as CVE-2025-4008 (CVSS score 8.7), a remote command execution vulnerability that enables attackers to gain complete control of MeteoBridge devices. The flaw was discovered by ONEKEY Research in late February 2025.
Historical data from Shodan reports that between 70 and 130 Meteobridge devices are visible and accessible from the public internet at any given time, despite vendor recommendations against internet exposure.
Meteobridge firmware versions 6.1 and below are vulnerable to CVE-2025-4008. The vulnerability was patched in Meteobridge version 6.2, which Smartbedded released on May 13, 2025.
Smartbedded, has emphasized in their advisory that exposing MeteoBridge devices to the internet is not recommended.
Users can verify their current MeteoBridge version through the device's web interface and should immediately upgrade to version 6.2 or later. Ofcouurse, users should ensure their MeteoBridge devices are not directly accessible from the internet and are properly segmented within their networks with appropriate firewall rules in place.
