CVE-2025-62003 HIGH

CVE-2025-62003: BullWall Server Intrusion Protection RDP MFA connection delay

Vendor Bullwall
Product Server Intrusion Protection
Weakness CWE-367
Published December 18, 2025
Last update January 15, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
January 15, 2026 Record updated