CVE-2025-62000

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method from triggering. The affected product implements additional integrity-based detection mechanisms capable of identifying file corruption or encryption for some common file extensions independent of header bytes. As a result, this vulnerability does not represent a complete bypass of ransomware detection, but a limitation of one detection method when evaluated independently. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected. BullWall plans to improve detection method documentation.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-352-01.json	Broken Link
https://www.cve.org/CVERecord?id=CVE-2025-62000	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bullwall:ransomware_containment:4.6.0.0:::::::*
	cpe:2.3:a:bullwall:ransomware_containment:4.6.0.6:::::::*
	cpe:2.3:a:bullwall:ransomware_containment:4.6.0.7:::::::*
	cpe:2.3:a:bullwall:ransomware_containment:4.6.1.4:::::::*

History

No history.

Information

Published : 2025-12-18 21:15

Updated : 2026-01-14 22:15

NVD link : CVE-2025-62000

Mitre link : CVE-2025-62000

CVE.ORG link : CVE-2025-62000

JSON object : View

Products Affected

bullwall

ransomware_containment

CWE

CWE-1023

Incomplete Comparison with Missing Factors

{"id": "CVE-2025-62000", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-18T21:15:53.800", "references": [{"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-352-01.json", "tags": ["Broken Link"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-62000", "tags": ["Third Party Advisory"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-1023"}]}], "descriptions": [{"lang": "en", "value": "BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method from triggering. The affected product implements additional integrity-based detection mechanisms capable of identifying file corruption or encryption for some common file extensions independent of header bytes. As a result, this vulnerability does not represent a complete bypass of ransomware detection, but a limitation of one detection method when evaluated independently. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected. BullWall plans to improve detection method documentation."}], "lastModified": "2026-01-14T22:15:50.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bullwall:ransomware_containment:4.6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9063E06B-5B57-4202-8925-047445026427"}, {"criteria": "cpe:2.3:a:bullwall:ransomware_containment:4.6.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96C6A9F2-189B-4DA7-B042-962692E0E8DA"}, {"criteria": "cpe:2.3:a:bullwall:ransomware_containment:4.6.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "670068FD-1DB4-4CB9-8872-4BA200070926"}, {"criteria": "cpe:2.3:a:bullwall:ransomware_containment:4.6.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EED0194-E90E-443A-A33C-DA6EE47B2DD9"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}