CVE-2025-41278 - Vulnerability Details - OpenCVE

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Waterfall	Wf-500

No data.

No data.

References

Link	Providers
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278

History

Fri, 29 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Waterfall Waterfall wf-500
Vendors & Products		Waterfall Waterfall wf-500

Fri, 29 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 29 May 2026 12:45:00 +0000

Type	Values Removed	Values Added
Title		Out‑of‑Bounds Read Allowing Remote Code Execution via TX Host Access on Waterfall WF‑500

Fri, 29 May 2026 11:45:00 +0000

Type	Values Removed	Values Added
Description		Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.
Weaknesses		CWE-125
References		https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278
Metrics		cvssV4_0 `{'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2026-05-29T10:58:37.123Z

Updated: 2026-05-29T13:39:01.031Z

Reserved: 2025-04-16T09:53:43.283Z

Link: CVE-2025-41278

Vulnrichment

Updated: 2026-05-29T13:38:55.875Z

NVD

Status : Awaiting Analysis

Published: 2026-05-29T12:16:24.293

Modified: 2026-05-29T14:06:26.220

Link: CVE-2025-41278

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41278", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2025-04-16T09:53:43.283Z", "datePublished": "2026-05-29T10:58:37.123Z", "dateUpdated": "2026-05-29T13:39:01.031Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2026-05-29T10:58:37.123Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "affected": [{"vendor": "Waterfall", "product": "WF-500", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "7.10.0.0 R2601141040", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.</p>"}]}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Luca Borzacchiello at Nozomi Networks", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T13:38:50.831959Z", "id": "CVE-2025-41278", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T13:39:01.031Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41278", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-29T13:38:50.831959Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T13:38:55.875Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Luca Borzacchiello at Nozomi Networks"}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Waterfall", "product": "WF-500", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.10.0.0 R2601141040"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.", "supportingMedia": [{"type": "text/html", "value": "<p>Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2026-05-29T10:58:37.123Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41278", "state": "PUBLISHED", "dateUpdated": "2026-05-29T13:39:01.031Z", "dateReserved": "2025-04-16T09:53:43.283Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2026-05-29T10:58:37.123Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host."}], "id": "CVE-2025-41278", "lastModified": "2026-05-29T14:06:26.220", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2026-05-29T12:16:24.293", "references": [{"source": "prodsec@nozominetworks.com", "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "prodsec@nozominetworks.com", "type": "Primary"}]}