Security Advisories

BullWall publishes security advisories to communicate information about vulnerabilities and security fixes affecting BullWall products and services.

Each advisory provides details on the issue, affected versions, severity, and recommended remediation steps. Customers should review advisories to determine applicability to their environment and take appropriate action.

If you believe you have discovered a security vulnerability in a BullWall product, please report it responsibly by contacting:
security@bullwall.com

Advisory ID	Date Published	Title	Severity	CVE
BWD-2026-001	2026-01-15	Encrypting a file while leaving the first four bytes unaltered bypasses detection.	Medium	CVE-2025-62000
BWD-2026-002	2026-01-15	Excluded paths (e.g. $RECYCLE.BIN) allow detection bypass by renaming a directory.	High	CVE-2025-62001
BWD-2026-003	2026-01-15	Single-file encryption may not trigger detection due to reliance on modification thresholds.	Medium	CVE-2025-62002
BWD-2026-004	2026-01-15	Delay before MFA enforcement on RDP connections.	High	CVE-2025-62003
BWD-2026-005	2026-01-15	SIP initializes after login services, allowing post-boot login before MFA enforcement.	High	CVE-2025-62004

SVD	BWD-2026-001
Published	2026-01-15
Title	Encrypting a file while leaving the first four bytes unaltered bypasses detection.
Severity	Medium
CVE	CVE-2025-62000

SVD	BWD-2026-002
Published	2026-01-15
Title	Excluded paths (e.g. $RECYCLE.BIN) allow detection bypass by renaming a directory.
Severity	High
CVE	CVE-2025-62001

SVD	BWD-2026-003
Published	2026-01-15
Title	Single-file encryption may not trigger detection due to reliance on modification thresholds.
Severity	Medium
CVE	CVE-2025-62002

SVD	BWD-2026-004
Published	2026-01-15
Title	Delay before MFA enforcement on RDP connections.
Severity	High
CVE	CVE-2025-62003

SVD	BWD-2026-005
Published	2026-01-15
Title	SIP initializes after login services, allowing post-boot login before MFA enforcement.
Severity	High
CVE	CVE-2025-62004