Server Intrusion Protection (SIP)

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-62004	BullWall Server Intrusion Protection (SIP)		0.00	—	0.00		Dec 18, 2025	BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP MFA. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions mayy also be affected. BullWall plans to improve detection method documentation.
CVE-2025-62003	BullWall Server Intrusion Protection (SIP)		0.00	—	0.00		Dec 18, 2025	BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected.

CVE-2025-62004Dec 18, 2025
BullWall
Server Intrusion Protection (SIP)
risk 0.00cvss —epss 0.00
BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP MFA. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions mayy also be affected. BullWall plans to improve detection method documentation.
CVE-2025-62003Dec 18, 2025
BullWall
Server Intrusion Protection (SIP)
risk 0.00cvss —epss 0.00
BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected.