CVE 8.8 HIGH

CVE-2025-41268_CVE-2025-41268

May 29, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.

AI Analysis

Relative Path Traversal vulnerability in Waterfall WF-500 Administration WebUI

Basic Information

ID CVE-2025-41268

Source Nozomi

Published May 29, 2026 at 10:49

Affected Product

Vendor Waterfall

Product WF-500

Affected Versions Waterfall WF-500 0

CWE Classification

CWE-23

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Waterfall

Product WF-500

Version 7.9.1.0 R2502171040

References

www.nozominetworks.com /labs/vulnerability-advisories-cve-2025-41268

{
    "lastseen": "",
    "description": "Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.",
    "published": "2026-05-29T10:49:29.042Z",
    "modified": "2026-05-29T10:49:29.042Z",
    "type": "cve",
    "title": "CVE-2025-41268",
    "source": "Nozomi",
    "references": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41268",
    "id": "CVE-2025-41268",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "Waterfall WF-500 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WF-500",
    "version": "0",
    "vendor": "Waterfall",
    "ai_description": "Relative Path Traversal vulnerability in Waterfall WF-500 Administration WebUI",
    "ai_severity": "High",
    "ai_vendor": "Waterfall",
    "ai_product": "WF-500",
    "ai_version": "7.9.1.0 R2502171040",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply