SB2025101495 - Multiple vulnerabilities in Microsoft Windows BitLocker




Published: October 14, 2025

Security Bulletin ID: SB2025101495
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Physical access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 6 vulnerabilities.


1) Incomplete Comparison with Missing Factors (CVE-ID: CVE-2025-55333)

CWE-ID: CWE-1023 - Incomplete Comparison with Missing Factors

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to incomplete comparison with missing factors in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.


2) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55682)

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.


3) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55337)

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.


4) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55332)

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.


5) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55330)

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.


6) Security features bypass (CVE-ID: CVE-2025-55338)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the missing ability to patch ROM code in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.


Remediation

Install the update from the vendor's website.