EUVD-2025-209985

🗓️ 29 May 2026 10:41:12Reported by EUVDType

OS command injection in Waterfall WF-500 TX Host Admin WebUI v7.9.1.0 enables remote authenticated command execution.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-41265	29 May 202610:41	–	attackerkb
Circl	CVE-2025-41265	30 May 202611:39	–	circl
CNNVD	Waterfall WF-500 操作系统命令注入漏洞	29 May 202600:00	–	cnnvd
CVE	CVE-2025-41265	29 May 202610:41	–	cve
Cvelist	CVE-2025-41265	29 May 202610:41	–	cvelist
NVD	CVE-2025-41265	29 May 202612:16	–	nvd
Positive Technologies	PT-2026-44803	29 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-41265	5 Jun 202619:41	–	redhatcve
Vulnrichment	CVE-2025-41265	29 May 202610:41	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "96bcb20d-4740-3916-8966-d7c324d156e3",
        "vendor": {
          "name": "Waterfall"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3b683f0e-1683-3298-b0d8-8686af9fbf7c",
        "product": {
          "name": "WF-500",
          "vendor": {
            "name": "Waterfall"
          }
        },
        "product_version": "0 ≤7.9.1.0 R2502171040"
      }
    ]
  }
]

Source	Link
nozominetworks	www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41265

29 May 2026 14:36Current

6.1Medium risk

Vulners AI Score6.1

CVSS 48.6

EPSS0.00306