CVE-2025-41272 | Waterfall WF-500 up to 7.9.1.0 R2502171040 Console WebUI os command injection
ID: 7d926a49-a24e-59e7-ae56-bb8f25b4cc4b
STIX ID: report--7d926a49-a24e-59e7-ae56-bb8f25b4cc4b
Feed Name: VulDB Recent Entries
Threat Score
A critical OS command injection vulnerability (CVE-2025-41272, CVSS 9.8) affects the Console WebUI of Waterfall WF-500 devices up to version 7.9.1.0 R2502171040, permitting remote, unauthenticated attackers to execute arbitrary operating system commands; disclosed by Nozomi Networks Labs and researcher Luca Borzacchiello, the issue currently has no public exploit or known mitigations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.