CVE-2025-62004

Severity CVSS v4.0:

HIGH

Type:

Unavailable / Other

Publication date:

18/12/2025

Last modified:

19/12/2025

Description

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): Low
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

7.50

Severity 4.0

HIGH

Vector 3.x

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L CVSS v3.1 Severity and Metrics:

Base Score: 6.20 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): Low

Base Score 3.x

6.20

Severity 3.x

MEDIUM

CVE-2025-62004

Description

Impact

References to Advisories, Solutions, and Tools