SB2025070992 - Multiple vulnerabilities in Microsoft BitLocker 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025070992

SB2025070992 - Multiple vulnerabilities in Microsoft BitLocker

Published: July 9, 2025

Security Bulletin ID SB2025070992
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Acceptance of Extraneous Untrusted Data With Trusted Data (CVE-ID: CVE-2025-48804)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to acceptance of extraneous untrusted data with trusted data in BitLocker. An attacker with physical access can bypass the BitLocker Device Encryption feature on the system storage device.


2) Protection Mechanism Failure (CVE-ID: CVE-2025-48003)

The vulnerability allows a local attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in BitLocker. An attacker with physical access can bypass implemented security restrictions and elevate privileges on the system.


3) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-48001)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in BitLocker. An attacker with physical access can win a race condition and bypass the BitLocker Device Encryption feature on the system storage device.


4) Protection Mechanism Failure (CVE-ID: CVE-2025-48800)

The vulnerability allows a local attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in BitLocker. An attacker with physical access can bypass implemented security restrictions and elevate privileges on the system.


5) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-48818)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in BitLocker. An attacker with physical access can win a race condition and bypass the BitLocker Device Encryption feature on the system storage device.


Remediation

Install update from vendor's website.

References