NVD CRITICAL: CVE-2025-41273 — Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Altern...

Friday, May 29, 2026 at 12:16 PM UTC·Source: NIST NVD

Updated: Monday, June 1, 2026 at 07:00 PM UTC

Executive Summary

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.

Analysis

Indicators of Compromise (2)

CVE (1)

CVE-2025-41273

NVD MITRE CVE

IPv4 (1)

7.9.1.0

VirusTotal Shodan AbuseIPDB

Source Attribution

Originally published by NIST NVD on May 29, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Trump Signs Voluntary AI Cyber Review Order

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/trump-signs-voluntary-ai-cyber-review-order-image_small-6-a-31833.jpg" align=right hspace=4><b>White House Cuts Proposed AI Review Period From 90 Days to 30</b><br>President Trump signed an executive order creating a voluntary framework for evaluating advanced AI systems with significant cybersecurity capabilities, directing NSA,

15m agoBank Info Security

MEDIUMVulnerabilityNEW

White House unveils pared-back AI executive order

The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.”

32m agoThe Record

MEDIUMVulnerabilityNEW

EBA and NYDFS ink stablecoin MoU

The European Banking Authority (EBA) has signed a Memorandum of Understanding (MoU) with the New York State Department of Financial Services (NYDFS) under the Markets in Crypto-Assets Regulation (MiCA).

55m agoFinextra