CVE-2025-41280 | Waterfall WF-500 up to 7.9.1.0 R2502171040 File Compression path traversal

A critical vulnerability (CVE-2025-41280) affecting Waterfall WF-500 (up to 7.9.1.0 R2502171040) is disclosed: a relative path traversal (Zip Slip) in the File Compression Handler that may allow attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled. CVSS meta/temp score is 7.8, exploitation requires local access, no exploit is currently available, and no concrete mitigations are documented.