CVE-2025-41273
Authentication Bypass in Waterfall WF-500 Hosts
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: Nozomi Networks Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nozomi_networks | waterfall_wf-500 | 7.9.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass issue identified in the Console WebUI of Waterfall WF-500 TX and RX Hosts version 7.9.1.0. It allows remote attackers who are not authenticated to bypass the normal authentication process and gain access to the Console web application as if they were authenticated users.
How can this vulnerability impact me?
The impact of this vulnerability is significant because it allows unauthorized remote attackers to perform actions within the Console web application without proper authentication. This could lead to unauthorized access, manipulation, or control of the affected system.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to update the Waterfall WF-500 TX and RX Hosts software to version 7.10.0.0 R2601141040.