Search criteria
267 vulnerabilities
CVE-2025-41281 (GCVE-0-2025-41281)
Vulnerability from cvelistv5 – Published: 2026-05-29 11:00 – Updated: 2026-05-29 13:36
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:36:33.262949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:36:44.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T11:00:16.558Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41281"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41281",
"datePublished": "2026-05-29T11:00:16.558Z",
"dateReserved": "2025-04-16T09:53:43.284Z",
"dateUpdated": "2026-05-29T13:36:44.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41280 (GCVE-0-2025-41280)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:59 – Updated: 2026-05-29 13:37
VLAI
Summary
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled.
Severity
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:37:05.745440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:37:18.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:59:40.686Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41280"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41280",
"datePublished": "2026-05-29T10:59:40.686Z",
"dateReserved": "2025-04-16T09:53:43.284Z",
"dateUpdated": "2026-05-29T13:37:18.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41279 (GCVE-0-2025-41279)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:59 – Updated: 2026-05-29 13:38
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:38:20.763131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:38:35.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:59:10.976Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41279"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41279",
"datePublished": "2026-05-29T10:59:10.976Z",
"dateReserved": "2025-04-16T09:53:43.283Z",
"dateUpdated": "2026-05-29T13:38:35.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41278 (GCVE-0-2025-41278)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:58 – Updated: 2026-05-29 13:39
VLAI
Summary
Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:38:50.831959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:39:01.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.10.0.0 R2601141040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:58:37.123Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41278",
"datePublished": "2026-05-29T10:58:37.123Z",
"dateReserved": "2025-04-16T09:53:43.283Z",
"dateUpdated": "2026-05-29T13:39:01.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41277 (GCVE-0-2025-41277)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:57 – Updated: 2026-05-29 13:39
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:39:21.453113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:39:31.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:57:59.758Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41277"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41277",
"datePublished": "2026-05-29T10:57:59.758Z",
"dateReserved": "2025-04-16T09:53:43.283Z",
"dateUpdated": "2026-05-29T13:39:31.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41276 (GCVE-0-2025-41276)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:57 – Updated: 2026-05-29 13:40
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:39:47.086583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:40:10.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:57:22.463Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41276"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41276",
"datePublished": "2026-05-29T10:57:22.463Z",
"dateReserved": "2025-04-16T09:53:43.283Z",
"dateUpdated": "2026-05-29T13:40:10.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41275 (GCVE-0-2025-41275)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:56 – Updated: 2026-05-29 13:40
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:40:26.355034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:40:36.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:56:28.855Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41275"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41275",
"datePublished": "2026-05-29T10:56:28.855Z",
"dateReserved": "2025-04-16T09:53:43.283Z",
"dateUpdated": "2026-05-29T13:40:36.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41274 (GCVE-0-2025-41274)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:53 – Updated: 2026-05-29 13:37
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:37:44.938993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:37:55.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:53:38.156Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41274"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41274",
"datePublished": "2026-05-29T10:53:38.156Z",
"dateReserved": "2025-04-16T09:53:41.254Z",
"dateUpdated": "2026-05-29T13:37:55.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41273 (GCVE-0-2025-41273)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:53 – Updated: 2026-05-29 13:41
VLAI
Summary
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.
Severity
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:41:47.583391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:41:58.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:53:02.555Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41273"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41273",
"datePublished": "2026-05-29T10:53:02.555Z",
"dateReserved": "2025-04-16T09:53:41.254Z",
"dateUpdated": "2026-05-29T13:41:58.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41272 (GCVE-0-2025-41272)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:52 – Updated: 2026-05-29 13:42
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:42:17.154302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:42:26.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:52:21.010Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41272"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41272",
"datePublished": "2026-05-29T10:52:21.010Z",
"dateReserved": "2025-04-16T09:53:41.254Z",
"dateUpdated": "2026-05-29T13:42:26.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41271 (GCVE-0-2025-41271)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:51 – Updated: 2026-05-29 13:42
VLAI
Summary
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.
Severity
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:42:42.503918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:42:55.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:51:40.281Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41271"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41271",
"datePublished": "2026-05-29T10:51:40.281Z",
"dateReserved": "2025-04-16T09:53:41.254Z",
"dateUpdated": "2026-05-29T13:42:55.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41270 (GCVE-0-2025-41270)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:51 – Updated: 2026-05-29 13:43
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:43:12.413811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:43:25.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:51:03.402Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41270"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41270",
"datePublished": "2026-05-29T10:51:03.402Z",
"dateReserved": "2025-04-16T09:53:41.254Z",
"dateUpdated": "2026-05-29T13:43:25.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41269 (GCVE-0-2025-41269)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:50 – Updated: 2026-05-29 13:41
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:40:54.419864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:41:05.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:50:06.202Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41269"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41269",
"datePublished": "2026-05-29T10:50:06.202Z",
"dateReserved": "2025-04-16T09:53:41.254Z",
"dateUpdated": "2026-05-29T13:41:05.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41268 (GCVE-0-2025-41268)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:49 – Updated: 2026-05-29 13:41
VLAI
Summary
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.
Severity
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:41:21.762972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:41:30.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:49:29.042Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41268"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41268",
"datePublished": "2026-05-29T10:49:29.042Z",
"dateReserved": "2025-04-16T09:53:41.253Z",
"dateUpdated": "2026-05-29T13:41:30.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41267 (GCVE-0-2025-41267)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:48 – Updated: 2026-05-29 14:03
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:45:14.128243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:03:35.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:48:51.842Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41267"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41267",
"datePublished": "2026-05-29T10:48:51.842Z",
"dateReserved": "2025-04-16T09:53:41.253Z",
"dateUpdated": "2026-05-29T14:03:35.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41266 (GCVE-0-2025-41266)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:48 – Updated: 2026-05-29 14:33
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:03:45.550756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:33:46.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:48:08.952Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41266"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41266",
"datePublished": "2026-05-29T10:48:08.952Z",
"dateReserved": "2025-04-16T09:53:41.253Z",
"dateUpdated": "2026-05-29T14:33:46.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41265 (GCVE-0-2025-41265)
Vulnerability from cvelistv5 – Published: 2026-05-29 10:41 – Updated: 2026-05-29 14:36
VLAI
Summary
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:36:00.476872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:36:09.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WF-500",
"vendor": "Waterfall",
"versions": [
{
"lessThanOrEqual": "7.9.1.0 R2502171040",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host.\u003c/p\u003e"
}
],
"value": "Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T10:41:12.429Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41265"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-41265",
"datePublished": "2026-05-29T10:41:12.429Z",
"dateReserved": "2025-04-16T09:53:41.253Z",
"dateUpdated": "2026-05-29T14:36:09.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40904 (GCVE-0-2025-40904)
Vulnerability from cvelistv5 – Published: 2026-05-19 13:23 – Updated: 2026-05-19 13:56
VLAI
Title
HTML injection in Smart Polling in Guardian/CMC before 26.1.0
Summary
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
6.5 (Medium)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.1.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.1.0
(semver)
|
Date Public
2026-05-19 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T13:56:22.113514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:56:35.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-05-19T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"value": "A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:23:35.418Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:7-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.1.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.1.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTML injection in Smart Polling in Guardian/CMC before 26.1.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review all enabled sensors and disallow or delete untrusted ones.\u003cbr\u003e"
}
],
"value": "Review all enabled sensors and disallow or delete untrusted ones."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40904",
"datePublished": "2026-05-19T13:23:35.418Z",
"dateReserved": "2025-04-16T09:04:35.923Z",
"dateUpdated": "2026-05-19T13:56:35.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40903 (GCVE-0-2025-40903)
Vulnerability from cvelistv5 – Published: 2026-05-19 13:22 – Updated: 2026-05-19 13:58
VLAI
Title
HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0
Summary
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
5.9 (Medium)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.1.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.1.0
(semver)
|
Date Public
2026-05-19 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T13:58:03.055058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:58:34.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-05-19T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"value": "A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:22:15.850Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:6-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.1.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.1.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use internal firewall features to limit access to the web management interface.\u003cbr\u003e"
}
],
"value": "Use internal firewall features to limit access to the web management interface."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review all accounts with administrative access to it and delete unnecessary ones.\u003cbr\u003e"
}
],
"value": "Review all accounts with administrative access to it and delete unnecessary ones."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40903",
"datePublished": "2026-05-19T13:22:15.850Z",
"dateReserved": "2025-04-16T09:04:35.923Z",
"dateUpdated": "2026-05-19T13:58:34.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40902 (GCVE-0-2025-40902)
Vulnerability from cvelistv5 – Published: 2026-05-19 13:21 – Updated: 2026-05-19 14:04
VLAI
Title
HTML injection in Users in Guardian/CMC before 26.1.0
Summary
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
5.9 (Medium)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.1.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.1.0
(semver)
|
Date Public
2026-05-19 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T14:04:00.937056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T14:04:37.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-05-19T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"value": "A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:21:02.668Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:5-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.1.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.1.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTML injection in Users in Guardian/CMC before 26.1.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use internal firewall features to limit access to the web management interface.\u003cbr\u003e"
}
],
"value": "Use internal firewall features to limit access to the web management interface."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review all accounts with administrative access to it and delete unnecessary ones.\u003cbr\u003e"
}
],
"value": "Review all accounts with administrative access to it and delete unnecessary ones."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review usernames of existing users.\u003cbr\u003e"
}
],
"value": "Review usernames of existing users."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40902",
"datePublished": "2026-05-19T13:21:02.668Z",
"dateReserved": "2025-04-16T09:04:35.923Z",
"dateUpdated": "2026-05-19T14:04:37.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40901 (GCVE-0-2025-40901)
Vulnerability from cvelistv5 – Published: 2026-05-19 13:19 – Updated: 2026-05-19 14:07
VLAI
Title
HTML injection in Credentials Manager in Guardian/CMC before 26.1.0
Summary
A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
5.9 (Medium)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.1.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.1.0
(semver)
|
Date Public
2026-05-19 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T14:05:59.618937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T14:07:41.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-05-19T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"value": "A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:19:45.819Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:4-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.1.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.1.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTML injection in Credentials Manager in Guardian/CMC before 26.1.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use internal firewall features to limit access to the web management interface.\u003cbr\u003e"
}
],
"value": "Use internal firewall features to limit access to the web management interface."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review all accounts with administrative access to it and delete unnecessary ones.\u003cbr\u003e"
}
],
"value": "Review all accounts with administrative access to it and delete unnecessary ones."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review existing identities stored in the Credentials Manager.\u003cbr\u003e"
}
],
"value": "Review existing identities stored in the Credentials Manager."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40901",
"datePublished": "2026-05-19T13:19:45.819Z",
"dateReserved": "2025-04-16T09:04:35.923Z",
"dateUpdated": "2026-05-19T14:07:41.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40900 (GCVE-0-2025-40900)
Vulnerability from cvelistv5 – Published: 2026-05-19 13:17 – Updated: 2026-05-19 14:09
VLAI
Title
Angular template injection in Reports in Guardian/CMC before 26.1.0
Summary
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
4.6 (Medium)
CWE
- CWE-1336 - Improper neutralization of special elements used in a template engine
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.1.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.1.0
(semver)
|
Date Public
2026-05-19 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T14:09:06.088185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T14:09:56.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.1.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-05-19T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"value": "An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper neutralization of special elements used in a template engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:17:21.852Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:3-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.1.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.1.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Angular template injection in Reports in Guardian/CMC before 26.1.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use internal firewall features to limit access to the web management interface.\u003cbr\u003e"
}
],
"value": "Use internal firewall features to limit access to the web management interface."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review all accounts with access to it and delete unnecessary ones.\u003cbr\u003e"
}
],
"value": "Review all accounts with access to it and delete unnecessary ones."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40900",
"datePublished": "2026-05-19T13:17:21.852Z",
"dateReserved": "2025-04-16T09:04:35.923Z",
"dateUpdated": "2026-05-19T14:09:56.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40899 (GCVE-0-2025-40899)
Vulnerability from cvelistv5 – Published: 2026-04-15 08:18 – Updated: 2026-05-12 12:08
VLAI
Title
Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0
Summary
A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.
Severity
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.0.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.0.0
(semver)
|
Date Public
2026-04-15 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:20:15.823575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:20:23.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:09.687Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.0.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.0.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-04-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information."
}
],
"value": "A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets or Nodes pages, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T08:18:36.427Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:2-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.0.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.0.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use internal firewall features to limit access to the web management interface.\u003cbr\u003e"
}
],
"value": "Use internal firewall features to limit access to the web management interface."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review all accounts with access to it and delete unnecessary ones.\u003cbr\u003e"
}
],
"value": "Review all accounts with access to it and delete unnecessary ones."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Review existing custom fields.\u003cbr\u003e"
}
],
"value": "Review existing custom fields."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40899",
"datePublished": "2026-04-15T08:18:36.427Z",
"dateReserved": "2025-04-16T09:04:35.923Z",
"dateUpdated": "2026-05-12T12:08:09.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40897 (GCVE-0-2025-40897)
Vulnerability from cvelistv5 – Published: 2026-04-15 08:18 – Updated: 2026-05-12 12:08
VLAI
Title
Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0
Summary
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 26.0.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 26.0.0
(semver)
|
Date Public
2026-04-15 07:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:20:41.584203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:20:48.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:07.418Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "26.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.0.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.0.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-04-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability."
}
],
"value": "An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T08:18:05.174Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2026:1-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v26.0.0 or later.\u003cbr\u003e"
}
],
"value": "Upgrade to v26.0.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remove or revoke access to Threat Intelligence users with view-only privileges until a fix is applied.\u003cbr\u003e"
}
],
"value": "Remove or revoke access to Threat Intelligence users with view-only privileges until a fix is applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40897",
"datePublished": "2026-04-15T08:18:05.174Z",
"dateReserved": "2025-04-16T09:04:35.922Z",
"dateUpdated": "2026-05-12T12:08:07.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3588 (GCVE-0-2026-3588)
Vulnerability from cvelistv5 – Published: 2026-03-09 15:41 – Updated: 2026-03-09 16:46
VLAI
Title
Server-Side Request Forgery (SSRF) in ikea dirigera
Summary
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
Severity
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T16:46:48.990061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T16:46:56.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "dirigera",
"vendor": "ikea",
"versions": [
{
"lessThanOrEqual": "2.866.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.\u003cbr\u003e"
}
],
"value": "A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T15:41:21.062Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-3588"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery (SSRF) in ikea dirigera",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2026-3588",
"datePublished": "2026-03-09T15:41:21.062Z",
"dateReserved": "2026-03-05T09:45:23.765Z",
"dateUpdated": "2026-03-09T16:46:56.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40896 (GCVE-0-2025-40896)
Vulnerability from cvelistv5 – Published: 2026-03-04 13:52 – Updated: 2026-03-04 14:11
VLAI
Title
Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
Summary
The server certificate was not verified when an Arc agent connected to a Guardian or CMC.
A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.
Severity
6.5 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Arc |
Affected:
0 , < 2.2.0
(semver)
|
Date Public
2026-03-04 08:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T14:11:20.778867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T14:11:30.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arc",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:arc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This issue was found by Felix Eberstaller of Limes Security during a VAPT testing session commissioned by one of our customers."
}
],
"datePublic": "2026-03-04T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eThe server certificate was not verified when an Arc agent connected to a Guardian or CMC.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eA malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "The server certificate was not verified when an Arc agent connected to a Guardian or CMC.\n\n\n\nA malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T13:52:52.749Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2025:18-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade Arc to v2.2.0 or later.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Upgrade Arc to v2.2.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40896",
"datePublished": "2026-03-04T13:52:52.749Z",
"dateReserved": "2025-04-16T09:04:35.922Z",
"dateUpdated": "2026-03-04T14:11:30.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40895 (GCVE-0-2025-40895)
Vulnerability from cvelistv5 – Published: 2026-03-04 13:52 – Updated: 2026-03-04 14:18
VLAI
Title
HTML injection in Sensor Map in CMC before 25.6.0
Summary
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties.
A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML tags. If the Sensor Map functionality is enabled in the CMC, when a victim CMC user interacts with it, then the injected HTML may render in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | CMC |
Affected:
0 , < 25.6.0
(semver)
|
Date Public
2026-03-04 08:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T14:17:55.486103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T14:18:04.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "25.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.6.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-03-04T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eA Stored HTML Injection vulnerability was discovered in the CMC\u0027s Sensor Map functionality due to improper validation on connected Guardians\u0027 properties.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eA malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian\u0027s properties to inject HTML tags. If the Sensor Map functionality is enabled in the CMC, when a victim CMC user interacts with it, then the injected HTML may render in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "A Stored HTML Injection vulnerability was discovered in the CMC\u0027s Sensor Map functionality due to improper validation on connected Guardians\u0027 properties.\n\n\n\nA malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian\u0027s properties to inject HTML tags. If the Sensor Map functionality is enabled in the CMC, when a victim CMC user interacts with it, then the injected HTML may render in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T13:52:13.689Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2025:17-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eUpgrade to v25.6.0 or later.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Upgrade to v25.6.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTML injection in Sensor Map in CMC before 25.6.0",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40895",
"datePublished": "2026-03-04T13:52:13.689Z",
"dateReserved": "2025-04-16T09:04:35.922Z",
"dateUpdated": "2026-03-04T14:18:04.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40894 (GCVE-0-2025-40894)
Vulnerability from cvelistv5 – Published: 2026-03-04 13:51 – Updated: 2026-05-12 12:08
VLAI
Title
HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0
Summary
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.
A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 25.6.0
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 25.6.0
(semver)
|
Date Public
2026-03-04 08:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T14:18:33.627989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T14:18:40.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:06.294Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "25.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "25.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.6.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.6.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during an internal investigation."
}
],
"datePublic": "2026-03-04T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eA Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eA malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.\n\n\n\nA malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T13:51:14.413Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2025:16-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eUpgrade to v25.6.0 or later.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Upgrade to v25.6.0 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-40894",
"datePublished": "2026-03-04T13:51:14.413Z",
"dateReserved": "2025-04-16T09:04:25.007Z",
"dateUpdated": "2026-05-12T12:08:06.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26102 (GCVE-0-2026-26102)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:56 – Updated: 2026-02-20 23:02
VLAI
Title
Incorrect Permission Assignment for Critical Resource in Owl opds
Summary
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
Severity
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T17:42:44.564322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T23:02:51.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "opds",
"vendor": "Owl",
"versions": [
{
"lessThanOrEqual": "2.2.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriele Quagliarella at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.\u003cbr\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:56:18.873Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26102"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource in Owl opds",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2026-26102",
"datePublished": "2026-02-20T16:56:18.873Z",
"dateReserved": "2026-02-11T09:59:47.767Z",
"dateUpdated": "2026-02-20T23:02:51.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26101 (GCVE-0-2026-26101)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:55 – Updated: 2026-02-20 23:03
VLAI
Title
Incorrect Permission Assignment for Critical Resource in Owl opds
Summary
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
Severity
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | third-party-advisory |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T17:43:14.074005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T23:03:04.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "opds",
"vendor": "Owl",
"versions": [
{
"lessThanOrEqual": "2.2.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello at Nozomi Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriele Quagliarella at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.\u003cbr\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:55:50.430Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26101"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment for Critical Resource in Owl opds",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2026-26101",
"datePublished": "2026-02-20T16:55:50.430Z",
"dateReserved": "2026-02-11T09:59:47.767Z",
"dateUpdated": "2026-02-20T23:03:04.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}