Back to search
CVE-2025-41280
Published: May 29, 2026
Modified: May 29, 2026
PUBLISHED
Description
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled.
| Vendor | Product | Versions |
|---|---|---|
Waterfall | WF-500 | affected 0 - <= 7.9.1.0 R2502171040 |
Weaknesses (CWE)
References
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41280
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now