CVE-2025-48804: Windows BitLocker Security Feature Bypass Vulnerability

Overview

Severity

Medium (CVSS 6.8)

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2025-Jul

Released

2025-07-08

EPSS Score

0.17% (percentile: 38.0%)

Description

Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by loading a WinRE.wim file while the OS volume is unlocked, granting access to BitLocker encrypted data. Are there any further actions I need to take to be protected from this boot manager rollback vulnerability? Boot manager Secure Version Number/SVN has been incremented and optional Bootmgr SVN revision DBXUpdate has been included in updates released on or after July 9, 2024 security update. Refer to How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 for guidance on how to apply these revocations to get full protection from boot manager rollback vulnerabilities.

Affected Products (31)

Windows

• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows Server 2025 (Server Core installation)
• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows 11 Version 24H2 for ARM64-based Systems
• Windows 11 Version 24H2 for x64-based Systems
• Windows Server 2025
• Windows 10 for 32-bit Systems
• Windows 10 for x64-based Systems
• Windows 10 Version 1607 for 32-bit Systems
• Windows 10 Version 1607 for x64-based Systems
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows 11 Version 22H2 for ARM64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (10)

• 5062557
• 5062572
• 5062554
• 5062552
• 5062553
• 5062570
• 5062561
• 5062560
• 5062592
• 5062597

Acknowledgments

Netanel Ben Simon with Microsoft Offensive Research &amp; Security Engineering (MORSE), <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft Offensive Research &amp; Security Engineering (MORSE)

Revision History

• 2025-07-08: Information published.