PatchSiren

CVE-2025-41268 Waterfall CVE debrief

A relative path traversal vulnerability (CWE-23) in the Administration WebUI of Waterfall WF-500 TX and RX Hosts allows remote unauthenticated attackers to delete arbitrary files on affected systems. The vulnerability exists in firmware version 7.9.1.0 R2502171040 and was identified by Nozomi Networks Labs. The CVSS 4.0 vector indicates a network attack vector with low attack complexity, no privileges required, and no user interaction needed, with high impact on the integrity and availability of the host system. The CVE was published on May 29, 2026 and last modified on June 1, 2026. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA KEV.

Vendor: Waterfall
Product: WF-500
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-29
Original CVE updated: 2026-06-01
Advisory published: 2026-05-29
Advisory updated: 2026-06-01

Who should care

Organizations deploying Waterfall WF-500 unidirectional security gateways in critical infrastructure environments, including electric utilities, oil and gas facilities, manufacturing plants, and other industrial control system deployments where operational technology network segmentation depends on Waterfall gateway integrity.

Technical summary

The Administration WebUI in Waterfall WF-500 TX and RX Hosts firmware version 7.9.1.0 R2502171040 fails to properly sanitize user-supplied file paths, allowing relative path traversal sequences to reach outside intended directories. A remote unauthenticated attacker can exploit this weakness to delete arbitrary files on the underlying host operating system. The vulnerability is reachable over the network without authentication credentials or user interaction. Successful exploitation results in high integrity and availability impact to the host system, with potential to disrupt unidirectional gateway operations or compromise system stability.

Defensive priority

HIGH

Recommended defensive actions

  • Restrict network access to Waterfall WF-500 Administration WebUI interfaces to authorized management hosts only
  • Apply vendor-provided firmware updates when available from Waterfall Security
  • Monitor for anomalous file deletion activity on WF-500 TX and RX Host systems
  • Review and validate input sanitization on all WebUI endpoints accepting file paths
  • Segment WF-500 management interfaces from operational technology networks per IEC 62443 zone and conduit guidance
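
For teams reviewing their own file-handling endpoints for the CWE-23 pattern described above, the following added example contrasts a delete handler that trusts a joined path with one that enforces directory containment. It is not Waterfall's code: the function names, the `uploads` directory, and the sample file names are hypothetical, and it assumes the caller may pass a still percent-encoded path.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_inside(base_dir, user_path):
    """Return the real path of user_path, or raise ValueError if it leaves base_dir."""
    decoded = unquote(user_path)  # assumption: input may arrive percent-encoded
    if "\x00" in decoded or os.path.isabs(decoded):
        raise ValueError("rejected path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check
    target = os.path.realpath(os.path.join(base, decoded))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target


def delete_unsafe(base_dir, user_path):
    # CWE-23 pattern: the joined path is used without checking where it resolves
    os.remove(os.path.join(base_dir, user_path))


def delete_safe(base_dir, user_path):
    os.remove(resolve_inside(base_dir, user_path))


def demo():
    # Constructed sample tree in a temporary directory; nothing outside it is touched
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.mkdir(base)
        inside = os.path.join(base, "report.log")
        outside = os.path.join(root, "system.conf")
        for path in (inside, outside):
            open(path, "w").close()
        for name in ("report.log", "../system.conf", "%2e%2e/system.conf",
                     "logs/../../system.conf"):
            try:
                delete_safe(base, name)
                results[name] = "deleted"
            except ValueError:
                results[name] = "rejected"
        results["outside_survives"] = os.path.exists(outside)
        delete_unsafe(base, "../system.conf")
        results["unsafe_removed_outside"] = not os.path.exists(outside)
    return results
```

The containment check compares resolved paths rather than filtering for `..` substrings, so encoded and nested traversal forms are rejected by the same rule.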

Evidence notes

The vulnerability is classified as CWE-23 (Relative Path Traversal) per the primary weakness source from Nozomi Networks. CPE criteria confirm the affected product as Waterfall Security WF-500 firmware up to and including version 7.9.1.0_r2502171040. The CVSS 4.0 score of 8.8 reflects HIGH severity with network accessibility and an unauthenticated exploitation path.

Official resources

Nozomi Networks Labs disclosed this vulnerability via coordinated disclosure with a vendor advisory published to their security labs portal.