Advisory ID
BWD-2026-004
Published
January 15, 2026
Last Updated
January 15, 2026
Severity
High
CVSS Base Score
7.7
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
CWE-367
CVE
CVE-2025-62003
Description
BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected.
Impact
Confidentiality
No Impact
Integrity
No Impact
Availability
No Impact
Affected Products and Versions
Product / Components
BullWall SIP
Affected Versions
Versions < 4.6.1.4
Fixed Versions
4.6.1.14
Solution
SIP is designed to detect intrusions post-login rather than operate as a pre-authentication gateway.
Exploitability requires authenticated administrative access and precise timing.
The behaviour is version- and configuration-dependent.
Mitigations / Workarounds
We are tightening enforcement timing as part of ongoing hardening work.
Detections
BullWall does not currently provide a detection for this issue.
Acknowledgements
BullWall thanks the reporter for responsibly disclosing this issue.
