OS Command Injection Vulnerability in Nozomi Networks Waterfall WF-500 RX Host
CVE-2025-41279

8.6HIGH

Key Information:

Vendor: Waterfall
Status: Wf-500
Vendor: CVE Published:; 29 May 2026

What is CVE-2025-41279?

A vulnerability has been identified in the Administration WebUI of Nozomi Networks’ Waterfall WF-500 RX Host, specifically in version 7.9.1.0 R2502171040. This flaw is categorized under CWE-78 due to improper neutralization of special elements used in operating system commands. It allows remote authenticated attackers to execute arbitrary commands on the host system, posing a significant security risk to affected installations.

Affected Version(s)

WF-500 0 <= 7.9.1.0 R2502171040

References

https://www.nozominetworks.com/labs/vulnerability-advisor...

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Luca Borzacchiello at Nozomi Networks

CVE-2025-41279 Data

JSON