CVE-2025-41265
Severity: HIGH
WAF: High
CVSS 7.2
Published: 2026-05-29
CWE-78
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| waterfall-security | wf-500_firmware | up to 7.9.1.0_r2502171040 |
References
- www.nozominetworks.com (Vendor Advisory)