Critical severity9.1NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026
CVE-2025-41268
CVE-2025-41268
Description
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.
Affected products
2- cpe:2.3:o:waterfall-security:wf-500_firmware:*:*:*:*:*:*:*:*Range: <=7.9.1.0_r2502171040
- Range: 7.9.1.0 R2502171040
Patches
Vulnerability mechanics
References
1- www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41268nvdVendor Advisory
News mentions
0No linked articles in our index yet.