CVE-2025-62004

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0,...

CVE-2025-62004 BullWall Server Intrusion Protection (SIP) initialization race condition

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVE-2025-62004

CVE-2025-62004 affects BullWall Server Intrusion Protection (SIP); an initialization race causes SIP MFA to start after login services, enabling a local, authenticated attacker to log in after boot before SIP MFA runs and bypass MFA. Affected versions: 4.6.0.0, 4.6.0.6, 4.6.0.7, 4.6.1.4 (other ve...

BullWall Ransomware Containment and Server Intrusion Protection multiple vulnerabilities

RISK EVALUATION BullWall Ransomware Containment and Server Intrusion Protection are products used for ransomware containment. Multiple vulnerabilities were reported that when used individually or in conjunction could allow a remote attacker with valid credentials to log in to a system with...

BullWall Server Intrusion Protection 安全漏洞

BullWall Server Intrusion Protection is a server security software from the Danish company BullWall. A security vulnerability exists in BullWall Server Intrusion Protection versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4, which stems from a delayed MFA check and could lead to a privileged attacke...