BullWall Server Intrusion Protection initialization race condition_CVE-2025-62004

7.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

Basic Information

ID CVE-2025-62004

Source cisa-cg

Published Dec 18, 2025 at 20:36

Affected Product

Vendor BullWall

Product Server Intrusion Protection

Version 4.6.0.0

Affected Versions BullWall Server Intrusion Protection 4.6.0.0

CWE Classification

CWE-367

References

{
    "lastseen": "",
    "description": "BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.",
    "published": "2025-12-18T20:36:13.123Z",
    "modified": "2025-12-18T20:36:13.123Z",
    "type": "cve",
    "title": "BullWall Server Intrusion Protection initialization race condition",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/VA-25-352-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-62004",
    "id": "CVE-2025-62004",
    "bulletinFamily": "",
    "cwe": [
        "CWE-367"
    ],
    "cvelist": null,
    "sourceData": "BullWall Server Intrusion Protection 4.6.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Server Intrusion Protection",
    "version": "4.6.0.0",
    "vendor": "BullWall",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}