CVE-2025-62000

moderate-risk
Published 2025-12-18

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method from triggering. The affected product implements additional integrity-based detection mechanisms capable of identifying file corruption or encryption for some common file extensions independent of header bytes. As a result, this vulnerability does not represent a complete bypass of ransomware detection, but a limitation of one detection method when evaluated independently. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected. BullWall plans to improve detection method documentation.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
LOCAL / LOW complexity

Affected Products (4)

Ransomware Containment
Ransomware Containment
Ransomware Containment
Ransomware Containment

Affected Vendors

Bullwall

References (2)

Broken Link https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/...
Third Party Advisory https://www.cve.org/CVERecord?id=CVE-2025-62000
32
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 10/34 · Low