Excluded paths (e.g. $RECYCLE.BIN) allow detection bypass by renaming a directory.

Advisory ID: BWD-2026-002
Published: January 15, 2026
Last Updated: January 15, 2026
Severity: High
CVSS Base Score: 8.7
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE: CWE-420
CVE: CVE-2025-62001

Description

BullWall Ransomware Containment supports configurable file and directory exclusions such as ‘$RECYCLE.BIN’ to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and 5.0.0.42, which remove hardcoded exclusion behavior and expose exclusion handling as configurable settings.

Impact

Confidentiality: No Impact
Integrity: No Impact
Availability: No Impact

Affected Products and Versions

Product / Components: BullWall RC
Affected Versions: Versions < 4.6.1.4
Fixed Versions: 4.6.1.14, 5.0.0.42

Solution

  • Excluded paths are an explicit, configurable feature.
  • The impact is configuration-dependent; if no paths are excluded, the described behavior does not apply.
  • The advisory may read as if this is an unavoidable hardcoded bypass, which does not reflect actual product behavior.

Mitigations / Workarounds

This issue has been fixed and released in RC 4.6.1.14 and 5.0.0.42, with improved exclusion handling and safer defaults.

Detections

BullWall does not currently provide a detection for this issue.
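
A heuristic a defender could run over file-server rename audit events to spot data being placed under an excluded directory name, the behavior described above. This is an added example, not BullWall code or guidance; the event tuple format, the exclusion list and the rule that a root-level `$RECYCLE.BIN` is legitimate are assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: names the monitoring product is configured to exclude.
# The advisory gives only $RECYCLE.BIN as an example.
EXCLUDED_NAMES = {"$recycle.bin"}

# Constructed sample rename/move events: (user, old path, new path).
SAMPLE_EVENTS = [
    ("alice", r"D:\Shares\Finance\Q3", r"D:\Shares\Finance\Q3-archive"),
    ("svc-backup", r"D:\Shares\HR\tmp", r"D:\Shares\HR\$RECYCLE.BIN"),
    ("bob", r"\\fs01\eng\build", r"\\fs01\eng\src\$Recycle.Bin\build"),
    # Ordinary deletion: Windows moves the file to the volume-root bin.
    ("carol", r"D:\Shares\Eng\old.txt", r"D:\$RECYCLE.BIN\S-1-5-21-0\$R1A2B3.txt"),
]


def excluded_hits(path):
    """Return {(depth, name)} for path components that match an excluded name."""
    p = PureWindowsPath(path)
    parts = p.parts[1:] if p.anchor else p.parts  # drop 'D:\' or '\\srv\share\'
    return {(i, c.lower()) for i, c in enumerate(parts) if c.lower() in EXCLUDED_NAMES}


def is_suspicious_rename(old_path, new_path):
    """True if the rename places data under an excluded name it was not under before.

    Depth 0 (directly under the volume or share root) is treated as the
    legitimate recycle bin location; this is a tuning assumption.
    """
    gained = excluded_hits(new_path) - excluded_hits(old_path)
    return any(depth > 0 for depth, _ in gained)


def find_suspicious(events):
    """Filter events down to those worth an analyst's review."""
    return [e for e in events if is_suspicious_rename(e[1], e[2])]


if __name__ == "__main__":
    for user, old, new in find_suspicious(SAMPLE_EVENTS):
        print(f"REVIEW user={user} old={old} new={new}")
```

Environments that legitimately keep recycle bins below the share root (for example redirected user folders) need those locations allow-listed before the rule is useful.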

Acknowledgements

BullWall thanks the reporter for responsibly disclosing this issue.