CVE-2025-41281 – Nozomi Networks Labs Waterfall WF-500 OS Command Injection

CVE ID :CVE-2025-41281

Published : May 29, 2026, 12:16 p.m. | 16 minutes ago

Description :Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9811 – Mautic Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2026-9809 – Mautic Stored XSS in Projects Component

CVE-2026-9808 – Mautic Authorization Bypass

CVE-2026-9559 – Mautic Remote Code Execution via Path Traversal