CVE-2025-62004

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
cisa-cgCNA
6.2 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Common Weakness Enumeration
References
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/VA-25-352-01.json
https://www.cve.org/CVERecord?id=CVE-2025-62004