Description
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled.
Published: 2026-05-29
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Waterfall’s WF‑500 RX Host (v7.9.1.0 R2502171040) contains a relative path traversal flaw, a classic Zip Slip vulnerability described by CWE-23. When a MySQL connector is enabled and file compression is turned on, an attacker who can reach the TX Host can craft a malicious archive that causes the RX Host to write or execute files outside their intended directory. This flaw leads directly to arbitrary code execution on the RX Host, exposing the system to full compromise if the attacker succeeds.

Affected Systems

All deployments of Waterfall WF‑500 RX Host running version 7.9.1.0 R2502171040 with a MySQL connector configured and file compression enabled are affected. The flaw resides in the data‑handling code of the RX Host component, impacting only the listed version unless earlier revisions contain the same logic.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity flaw. EPSS data is not available and the vulnerability is not listed in CISA KEV, so application of exploitation data is uncertain. The attack vector requires an attacker to have network access to the TX Host, so those who can reach the TX side pose a significant risk. Successful exploitation would give the attacker full control over the RX Host, allowing deployment of malware, data exfiltration, or disruption of services.

Generated by OpenCVE AI on May 29, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest firmware or patch that addresses the relative path traversal in the RX Host of Waterfall WF‑500
  • If a patch is not yet available, disable file compression on the RX Host or remove the MySQL connector from the TX Host to eliminate the code path that processes the vulnerable archives
  • Implement path validation on any custom archive handling or enforce strict whitelists for file extraction to mitigate similar Zip Slip variants

Generated by OpenCVE AI on May 29, 2026 at 12:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Waterfall
Waterfall wf-500
Vendors & Products Waterfall
Waterfall wf-500

Fri, 29 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 29 May 2026 13:15:00 +0000

Type Values Removed Values Added
Title Relative Path Traversal in Waterfall WF‑500 Allowing Remote Code Execution

Fri, 29 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled.
Weaknesses CWE-23
References
Metrics cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Waterfall Wf-500
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-29T13:37:18.914Z

Reserved: 2025-04-16T09:53:43.284Z

Link: CVE-2025-41280

cve-icon Vulnrichment

Updated: 2026-05-29T13:37:14.761Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T12:16:24.547

Modified: 2026-05-29T14:06:47.240

Link: CVE-2025-41280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:46:47Z

Weaknesses