CVE-2025-41273

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

34th

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.

CWE	CWE-288
Vendor	waterfall
Product	wf-500
Published	May 29, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for waterfall wf-500

Be the first to know when new unknown vulnerabilities affecting waterfall wf-500 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Waterfall / WF-500

0 ≤ 7.9.1.0 R2502171040

References

NVD ↗ CVE.org ↗ EPSS Data ↗

nozominetworks.com: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41273

Credits

Luca Borzacchiello at Nozomi Networks