CVE-2025-41281
Severity: HIGH
WAF coverage: High
CVSS 7.8
Published: 2026-05-29
CWE-78
Nozomi Networks Labs identified an OS command injection vulnerability (CWE-78: Improper Neutralization of Special Elements used in an OS Command) in Waterfall WF-500 RX Host, version 7.9.1.0 R2502171040. It allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| waterfall-security | wf-500_firmware | up to 7.9.1.0_r2502171040 |
References
- www.nozominetworks.com (Vendor Advisory)