Relative Path Traversal in Waterfall WF-500 TX and RX Hosts by Nozomi Networks
CVE-2025-41271

8.7HIGH

Key Information:

Vendor: Waterfall
Status: Wf-500
Vendor: CVE Published:; 29 May 2026

What is CVE-2025-41271?

A vulnerability identified in Waterfall WF-500 TX and RX Hosts allows remote unauthenticated attackers to exploit a flaw in the Console WebUI. This flaw enables attackers to read arbitrary files from the device, potentially leading to unauthorized information disclosure.

Affected Version(s)

WF-500 0 <= 7.9.1.0 R2502171040

References

https://www.nozominetworks.com/labs/vulnerability-advisor...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Luca Borzacchiello at Nozomi Networks

CVE-2025-41271 Data

JSON