CVE 8.7 HIGH

CVE-2025-41271_CVE-2025-41271

May 29, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.

AI Analysis

Relative Path Traversal vulnerability in the Console WebUI of Waterfall WF-500 TX and RX Hosts

Basic Information

ID CVE-2025-41271

Source Nozomi

Published May 29, 2026 at 10:51

Affected Product

Vendor Waterfall

Product WF-500

Version 7.9.1.0 R2502171040

Affected Versions Waterfall WF-500 0

CWE Classification

CWE-23

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Waterfall

Product WF-500

Version 7.9.1.0 R2502171040

References

www.nozominetworks.com /labs/vulnerability-advisories-cve-2025-41271

{
    "lastseen": "",
    "description": "Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.",
    "published": "2026-05-29T10:51:40.281Z",
    "modified": "2026-05-29T10:51:40.281Z",
    "type": "cve",
    "title": "CVE-2025-41271",
    "source": "Nozomi",
    "references": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41271",
    "id": "CVE-2025-41271",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "Waterfall WF-500 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WF-500",
    "version": "7.9.1.0 R2502171040",
    "vendor": "Waterfall",
    "ai_description": "Relative Path Traversal vulnerability in the Console WebUI of Waterfall WF-500 TX and RX Hosts",
    "ai_severity": "High",
    "ai_vendor": "Waterfall",
    "ai_product": "WF-500",
    "ai_version": "7.9.1.0 R2502171040",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply