{"timestamp":"2026-01-08T18:14:44.407193Z","id":"CVE-2025-62002","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"BullWall","product":"Ransomware Containment","defaultStatus":"unknown","versions":[{"version":"4.6.0.0","lessThan":"*","versionType":"custom","status":"affected"}]}]

{"timestamp":"2025-10-06T19:36:16.621284Z","id":"CVE-2025-62002","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert if thresholds are configured to require multiple file changes. The number of files to cause a detection alert can be configured by the user. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single (possibly large) file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection can be configured by the user. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also be affected.

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert if thresholds are configured to require multiple file changes. The number of files to cause a detection alert can be configured by the user. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

OR
          *cpe:2.3:a:bullwall:ransomware_containment:4.6.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:bullwall:ransomware_containment:4.6.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:bullwall:ransomware_containment:4.6.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:bullwall:ransomware_containment:4.6.1.4:*:*:*:*:*:*:*

Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/VA-25-352-01.json Types: Broken Link

Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government: https://www.cve.org/CVERecord?id=CVE-2025-62002 Types: Third Party Advisory

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before and after may also be affected.

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-358

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/VA-25-352-01.json

https://www.cve.org/CVERecord?id=CVE-2025-62002