CVE-2025-55330: Windows BitLocker Security Feature Bypass Vulnerability
Overview
- Severity
- Medium (CVSS 6.1)
- CVSS Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
- Category
- Security Feature Bypass
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2025-Oct
- Released
- 2025-10-14
- EPSS Score
- 0.02% (percentile: 6.7%)
Description
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
Affected Products (11)
Windows
- Windows 11 Version 25H2 for x64-based Systems
- Windows 11 Version 25H2 for ARM64-based Systems
- Windows Server 2025 (Server Core installation)
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 11 Version 23H2 for x64-based Systems
- Windows Server 2022, 23H2 Edition (Server Core installation)
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows 11 Version 24H2 for x64-based Systems
- Windows Server 2025
ESU
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
Security Updates (3)
Acknowledgments
<a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM), <a href="https://x.com/alon_leviev">Alon Leviev</a> with Microsoft (STORM)
Revision History
- 2025-10-14: Information published.