Out-of-Bounds Read Vulnerability in Waterfall WF-500 RX Host by Nozomi Networks
CVE-2025-41278

7.5HIGH

Key Information:

Vendor: Waterfall
Status: Wf-500
Vendor: CVE Published:; 29 May 2026

What is CVE-2025-41278?

A vulnerability in the Waterfall WF-500 RX Host identified by Nozomi Networks Labs allows attackers with access to the TX Host to exploit an out-of-bounds read condition. This may enable unauthorized code execution on the RX Host, posing significant security risks. Users are advised to review and secure their systems immediately to mitigate potential threats.

Affected Version(s)

WF-500 0 <= 7.10.0.0 R2601141040

References

https://www.nozominetworks.com/labs/vulnerability-advisor...

third-party-advisory

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Luca Borzacchiello at Nozomi Networks

CVE-2025-41278 Data

JSON