CVE-2025-41279 | Waterfall WF-500 up to 7.9.1.0 R2502171040 Administration WebUI os command injection

**Executive summary:** A critical OS command injection (CWE-78) affecting the Administration WebUI of Waterfall WF-500 (CVE-2025-41279) can allow remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host; disclosed by Nozomi Networks and researcher Luca Borzacchiello with a VulDB score of 7.2, the issue requires additional authentication for exploitation, currently has no public technical details or exploit, and no known mitigations are provided.