Cyber Resilience

CVE-2025-41278

High

Published: 29 May 2026

Modified: 01 June 2026
KEV Added
Patch
CVSS Score v4: 7.5
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0012 (2.2nd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-41278 is a high-severity out-of-bounds read (CWE-125) vulnerability in Waterfall Security WF-500 firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 2.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

waterfall-security
wf-500 firmware
≤ 7.9.1.0_r2502171040

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.