CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable delay before the MFA check when connecting via RDP. A remote authenticated attacker with administrative privileges can potentially bypass detection during this window. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be...

CVE-2025-62001

BullWall Ransomware Containment contains excluded file paths, such as '$recycle.bin' that are not monitored. An attacker with file write permissions could bypass detection by renaming a directory. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before...

CVE-2025-62002

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before a...

CVE-2025-62000

BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the first four bytes unaltered. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other...

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

CVE-2025-62004

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

CVE-2025-62002

BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...

CVE-2025-62002

BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...

CVE-2025-62000

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...

CVE-2025-62001

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

CVE-2025-62001

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

CVE-2025-62004 BullWall Server Intrusion Protection (SIP) initialization race condition

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVE-2025-62004 BullWall Server Intrusion Protection (SIP) initialization race condition

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVE-2025-62004

CVE-2025-62004 affects BullWall Server Intrusion Protection (SIP); an initialization race causes SIP MFA to start after login services, enabling a local, authenticated attacker to log in after boot before SIP MFA runs and bypass MFA. Affected versions: 4.6.0.0, 4.6.0.6, 4.6.0.7, 4.6.1.4 (other ve...

CVE-2025-62004

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVE-2025-62003

CVE-2025-62003 affects BullWall Server Intrusion Protection; a configuration-dependent delay before MFA check for RDP could allow a remote, authenticated attacker with administrative privileges to bypass detection during the delay. Affected versions: 4.6.0.0, 4.6.0.6, 4.6.0.7, 4.6.1.4 (other vers...

CVE-2025-62003 BullWall Server Intrusion Protection RDP MFA connection delay

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

CVE-2025-62003 BullWall Server Intrusion Protection RDP MFA connection delay

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...