Which versions of BridgeHead FileStore are affected by EUVD-2026-25569?

BridgeHead FileStore versions prior to 24A contain a critical remote code execution vulnerability (CVSS 9.8) in Apache Axis2 that allows unauthenticated attackers to execute arbitrary operating…. A patch is available.

Is there a public PoC exploit available for EUVD-2026-25569?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25569. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2026-25569?

Within 24 hours: Identify all BridgeHead FileStore instances running versions before 24A; isolate affected systems from production networks or restrict network access to the Axis2 admin console (default port 8080) at network perimeter. Within 7 days: Upgrade all BridgeHead FileStore deployments to version 24A or later; reset all Axis2 default credentials immediately upon deployment. Within 30 days: Conduct forensic review of access logs and system activity on previously vulnerable instances to detect indicators of compromise; implement network segmentation and access controls to restrict admin console access to authorized administrative networks only.

BridgeHead FileStore EUVD-2026-25569

Q: What is the CVSS score of EUVD-2026-25569?

EUVD-2026-25569 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

| CVE-2026-39920 CRITICAL

Initialization of a Resource with an Insecure Default (CWE-1188)

2026-04-24 VulnCheck

Information Disclosure Java Apache

9.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

9.3 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 24, 2026 - 17:55 vuln.today

Public exploit code

Patch released

Apr 24, 2026 - 17:55 nvd

Patch available

Apr 24, 2026 - 17:01 EUVD

Re-analysis Queued

Apr 24, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

Apr 24, 2026 - 16:22 NVD

9.8 (CRITICAL) 9.3 (CRITICAL)

Analysis Generated

Apr 24, 2026 - 16:15 vuln.today

EUVD ID Assigned

Apr 24, 2026 - 16:00 euvd

EUVD-2026-25569

Analysis Generated

Apr 24, 2026 - 16:00 vuln.today

CVE Published

Apr 24, 2026 - 15:48 nvd

CRITICAL 9.3

DescriptionCVE.org

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service.

AnalysisAI

Remote code execution in BridgeHead FileStore pre-24A via Apache Axis2 default credentials allows unauthenticated attackers to deploy malicious web services and execute arbitrary OS commands. The vulnerability exploits exposed Axis2 admin console with unchanged default credentials, enabling full system compromise over the network with no authentication required. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Network scan for Axis2 endpoints

Delivery

Authenticate with default credentials

Exploit

Upload malicious AAR service

Execution

Send SOAP request to deployed service

Persist

Execute arbitrary OS commands

Impact

Exfiltrate healthcare data or establish persistence

Access

Network scan for Axis2 endpoints

Delivery

Authenticate with default credentials

Exploit

Upload malicious AAR service

Execution

Send SOAP request to deployed service

Persist

Execute arbitrary OS commands

Impact

Exfiltrate healthcare data or establish persistence

Vulnerability AssessmentAI

Exploitation	Apache Axis2 administration module must be network-accessible on the FileStore installation (default deployment configuration for pre-24A versions). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	This represents critical real-world risk requiring immediate prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker performs network reconnaissance to identify BridgeHead FileStore instances exposing Apache Axis2 endpoints (typically port 8080 or 8443 with /axis2/ path). Using publicly available exploit code from GitHub (https://gist.github.com/VAMorales/9e6a13d7529c079a363930dff48be3ba), attacker authenticates to the Axis2 admin console with default credentials. …
Remediation	Upgrade to BridgeHead FileStore version 24A or later, which removes or properly secures the exposed Apache Axis2 administration interface per vendor advisory at https://www.bridgeheadsoftware.com/rapid-data-protection-product-updates/. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all BridgeHead FileStore instances running versions before 24A; isolate affected systems from production networks or restrict network access to the Axis2 admin console (default port 8080) at network perimeter. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-28575 CRITICAL Act Now

10.0 Jun 17

Local denial of service in Android's PackageInstaller subsystem stems from a logic error in PackageInstallerSession.tran

CVE-2026-41699 CRITICAL Act Now

9.8 Jun 11

Remote code execution in Spring for GraphQL versions 1.3.0-1.3.8, 1.4.0-1.4.5, and 2.0.0-2.0.3 allows unauthenticated at

CVE-2026-47835 HIGH This Week

8.6 Jun 15

NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers t

CVE-2026-47825 HIGH This Week

8.6 Jun 15

Origin validation failure in Spring Cloud Gateway (WebMVC and WebFlux Server variants) allows remote attackers to spoof

CVE-2026-40999 HIGH This Week

8.6 Jun 11

Server-Side Request Forgery in Spring Web Services (versions 3.1.0-3.1.8, 4.0.0-4.0.18, 4.1.0-4.1.3, and 5.0.0-5.0.1) al

EUVD-2026-25569 vulnerability details – vuln.today

Back