CVE-2025-62004

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP MFA. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions mayy also be affected. BullWall plans to improve detection method documentation.

Ссылки

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-352-01.json
Broken Link
https://www.cve.org/CVERecord?id=CVE-2025-62004
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bullwall:server_intrusion_protection:4.6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:bullwall:server_intrusion_protection:4.6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:bullwall:server_intrusion_protection:4.6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:bullwall:server_intrusion_protection:4.6.1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

7.5 High

CVSS3

Дефекты

CWE-367

Связанные уязвимости

GHSA-chcm-jqp3-j5w3

CVSS3: 6.2

github

около 2 месяцев назад

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.