SB2025101495 - Multiple vulnerabilities in Microsoft Windows BitLocker
Published: October 14, 2025
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Incomplete Comparison with Missing Factors (CVE-ID: CVE-2025-55333)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to incomplete comparison with missing factors in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.
2) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55682)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.
3) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55337)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.
4) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55332)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.
5) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2025-55330)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.
6) Security features bypass (CVE-ID: CVE-2025-55338)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to missing ability to patch ROM code in Windows BitLocker. An attacker with physical access can bypass a security feature and gain access to encrypted data.
Remediation
Install updates from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55333
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55682
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55337
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55332
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55330
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-55338