The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability, CVE-2025-4008, affecting Smartbedded Meteobridge to its Known Exploited Vulnerabilities catalog, noting active exploitation risks. This command injection flaw allows unauthenticated attackers to execute arbitrary code due to insecure CGI script handling in a public directory. The vulnerability was first reported by ONEKEY in February 2025 and has been addressed in a software update released on May 13, 2025. This incident underscores the critical need for robust cybersecurity measures, as such vulnerabilities can lead to significant breaches if not promptly mitigated, emphasizing the importance of vigilance in protecting infrastructure and sensitive data.