CVE-2025-41271

Published: May 29, 2026

Modified: May 29, 2026

PUBLISHED

Description

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.

Vendor	Product	Versions
Waterfall	WF-500	affected `0 - <= 7.9.1.0 R2502171040`

Weaknesses (CWE)

CWE-23

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41271

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41271

Description

Affected Products

Weaknesses (CWE)

References