CVE-2025-48804 · Acceptance of extraneous untrusted data with trusted data in Windows BitLocker

01 · The Real Story

This is a spare key left in the recovery toolbox, not a front-door internet break-in

CVE-2025-48804 is a Windows BitLocker security-feature bypass in the WinRE/boot trust chain: trusted recovery and boot artifacts can be mixed with attacker-controlled data so BitLocker auto-unlocks a volume for the wrong environment. NVD maps affected builds across Windows 10, Windows 11, and Windows Server releases prior to the July 8, 2025 fixes, including Windows 11 22H2 < 22621.5624, 23H2 < 22631.5624, 24H2 < 26100.4652, Windows 10 22H2 < 19045.6093, Server 2022 < 20348.3932, and Server 2025 < 26100.4652.

Microsoft's original MEDIUM 6.8 is broadly fair. The later Microsoft STORM research and the public BitUnlocker PoC prove the bypass is not theoretical, which pushes urgency up for mobile fleets using default TPM-only BitLocker; but the exploit still requires physical access, usually USB/PXE boot control, and often a still-trusted PCA 2011 boot path, so this is not a mass remote compromise event.

"Practical on stolen TPM-only laptops, but still a physical-access, one-device-at-a-time problem."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Get hands on the endpoint

The attacker needs in-person access to a powered-off or rebootable Windows system protected by BitLocker. In practice this is a theft, lost-device, border-search, or malicious-insider scenario rather than an internet intrusion.

Conditions required:

Physical possession or hands-on access to the device
Ability to reboot the machine without the owner's intervention
Target uses BitLocker on the OS volume

Where this breaks in practice:

This is not reachable over the network
Asset tracking, MDM lock/wipe, and simple physical custody controls sharply reduce opportunities
Desktops in secure offices are far less exposed than traveling laptops

Detection/coverage: Vulnerability scanners cannot observe this attacker step. This is a physical-security and asset-exposure problem, not a socket-exposure problem.

STEP 02

Boot a crafted recovery path with BitUnlocker

The published garatc/BitUnlocker PoC uses a pre-patch bootmgfw.efi, a modified BCD, and a crafted SDI/WinRE chain over USB or PXE to steer the device into an attacker-controlled recovery flow. Microsoft STORM's research shows the weakness sits in WinRE/boot parsing and trust assumptions, not in cryptographic breakage of BitLocker itself.

Conditions required:

UEFI boot from USB/PXE or similar alternate path is possible
System still trusts a vulnerable boot manager chain, commonly PCA 2011
Configuration is compatible with the PoC path

Where this breaks in practice:

Secure Boot hardening with CA 2023 / REVISE breaks the downgrade path
Some enterprises disable external boot or protect firmware settings
The PoC itself lists non-exploitable cases such as CA 2023 migration or DBX revocation

Detection/coverage: Most VM tools only tell you the OS is unpatched; they do not verify PCA 2011 trust, DBX state, or alternate-boot permissiveness. Config-management and firmware-state auditing are required.

STEP 03

Let TPM auto-unlock the wrong environment

On vulnerable TPM-only deployments, the boot chain can still satisfy the measured-boot assumptions closely enough that BitLocker releases the volume master key to WinRE. The result is a command prompt or recovery context with the protected OS volume mounted in decrypted form.

Conditions required:

BitLocker configured as TPM-only, commonly PCR 7 + 11
No pre-boot PIN or startup key blocking transparent unlock
Measured-boot policy does not include stricter PCR coverage that detects the path change

Where this breaks in practice:

TPM+PIN or TPM+startup-key is a hard stop for the mainstream PoC
Non-default PCR policy can also stop the chain
This remains one-host-at-a-time even when it works

Detection/coverage: EDR has little visibility before the main OS loads. Eventing around BitLocker protectors, Secure Boot certificate migration, and firmware-policy drift is more useful than runtime malware telemetry here.

STEP 04

Read or exfiltrate data from the decrypted volume

Once in the attacker-controlled WinRE shell, standard tools such as cmd.exe, diskpart, and file-copy utilities are enough to mount the volume, stage files, and extract secrets. The realistic impact is offline data theft, tampering, or persistence staging on that single endpoint.

Conditions required:

Recovered shell or recovery environment with the OS volume mounted
Sufficient local storage or attached media for exfiltration

Where this breaks in practice:

Impact is limited to the device in hand unless that device also stores reusable enterprise secrets
If high-value credentials are absent or well-protected, blast radius stays local

Detection/coverage: Traditional network IDS, WAF, and GreyNoise-style internet telemetry do not apply. Forensics may later find unusual boot media artifacts or firmware/BCD changes, but prevention is stronger than detection here.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No authoritative evidence of widespread active exploitation found as of 2026-05-28. This is not in CISA KEV, but public research and a working PoC now exist.
KEV status	Not KEV-listed in the CISA catalog as of 2026-05-28.
Proof-of-concept availability	Yes. `garatc/BitUnlocker` publicly demonstrates a downgrade attack path, with a release dated 2026-05-02 and explicit instructions for USB/PXE delivery.
EPSS	User-supplied EPSS is 0.00427 (~0.427% 30-day probability). Third-party mirrors place it around the 11th percentile, which matches the general story: practical but not commonly exploited at scale.
CVSS vector	`CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` = physical access required, no prior auth, and potentially severe confidentiality/integrity/availability impact on the single device once reached.
Affected versions	NVD lists affected Windows 10, 11, and Server builds prior to July 2025 fixes, including Win10 22H2 `< 19045.6093`, Win11 22H2 `< 22621.5624`, 23H2 `< 22631.5624`, 24H2 `< 26100.4652`, Server 2022 `< 20348.3932`, and Server 2025 `< 26100.4652`.
Fixed versions	Patch baseline starts at the July 8, 2025 build line: `19045.6093`, `22621.5624`, `22631.5624`, `26100.4652`, `20348.3932`, `25398.1732`, and related builds in the NVD matrix. Separate hardening against downgrade paths relies on Microsoft Secure Boot revocation guidance in `KB5025885`.
Research and disclosure	Microsoft STORM researchers Netanel Ben Simon and Alon Leviev later published the underlying `BitUnlocker` research on 2025-08-13, stating the July 2025 Patch Tuesday fixed CVE-2025-48804 and related issues.
Scanning / exposure data	Inference: Shodan/Censys/GreyNoise are poor lenses here because BitLocker is not an internet-routable service and the CVSS attack vector is physical. Real exposure is driven by endpoint count, user travel, TPM-only deployments, and whether CA 2023 / DBX revocations were rolled out.
Most important configuration amplifier	The biggest exposure multiplier is TPM-only BitLocker on mobile endpoints. The biggest brakes are TPM+PIN, CA 2023/DBX revocation, stricter PCR policy, and disabled external boot.

04 · The Call

noisgate verdict.

Final Verdict

= UNCHANGED to MEDIUM (6.4/10)

The decisive factor is still attacker position: this requires physical access to the target device, which makes it a post-theft or hands-on compromise problem rather than a remotely reachable enterprise outbreak. Public PoC code proves the bypass is operational, but it does not remove the hard gating imposed by physical possession, TPM+PIN, and Secure Boot certificate migration.

HIGH Patch metadata and affected/fixed build mapping

MEDIUM Real-world exploitability across mixed enterprise BitLocker configurations

Why this verdict

Baseline stays near vendor because BitLocker is widely deployed and compromise means real data exposure when the prerequisites line up.
Downward adjustment: physical attacker required. This is not unauthenticated remote, authenticated remote, or wormable; it assumes hands-on access to each host, which radically caps scale.
Downward adjustment: exploit path narrows on modern hardening. BitUnlocker itself calls out non-exploitable cases such as TPM+PIN, CA 2023 migration/KB5025885, DBX revocation, or non-default PCR policy.
Upward adjustment: practical PoC exists. Microsoft STORM's research and the public GitHub PoC remove the 'theoretical only' argument, especially for fleets that left BitLocker at default TPM-only settings.
Downward adjustment: blast radius is usually one endpoint. The impact can be severe on that laptop, but it does not inherently hand an attacker domain-wide execution or mass lateral movement.

Why not higher?

A higher rating would fit a remotely reachable or broadly automatable exploit path. This one is still constrained by physical possession, alternate-boot opportunity, and configuration specifics, so the attack population is much smaller than the raw impact numbers suggest.

Why not lower?

This is not ignorable backlog noise because the bypass is now publicly demonstrated and targets a control many defenders rely on for lost-device protection. In mobile, TPM-only fleets, a stolen laptop can become a plaintext data source in minutes if the Secure Boot downgrade protections were never fully finished.

05 · Compensating Control

What to do — in priority order.

Require TPM+PIN on high-risk endpoint classes — Use GPO/Intune to require pre-boot authentication on executives, developers, admins, and all frequently traveling laptops. This directly blocks the mainstream transparent-unlock attack path; for a MEDIUM verdict there is no noisgate mitigation SLA, so treat this as hardening work to complete inside the remediation window, sooner for mobile or high-value users.
Finish CA 2023 / REVISE migration — Apply Microsoft's Secure Boot revocation guidance from KB5025885, update recovery media, and verify the estate no longer trusts the downgrade path centered on PCA 2011. This matters because the public PoC explicitly depends on older trusted boot components; again, no noisgate mitigation SLA applies here, but do not leave it as indefinite technical debt.
Disable external boot where operations allow — Lock down USB/PXE boot in firmware and protect firmware settings with an admin password on managed laptops and workstations. This does not fix the vulnerability, but it raises attacker effort and removes the easiest PoC delivery methods during the remediation window.
Audit BitLocker protector posture — Inventory which devices are TPM-only versus TPM+PIN or startup-key protected, and separate traveling endpoints from fixed-location systems. Your risk is not uniform across 10,000 hosts; the exposed slice is the mobile TPM-only population.
Protect recovery keys and reusable secrets — Assume a successfully bypassed laptop exposes cached credentials, browser tokens, local secrets, and unprotected files. Tighten local admin credential hygiene, browser secret storage policy, and privileged account use on endpoints during the remediation window.

What doesn't work

A WAF does nothing because there is no web path here.
Network segmentation does not stop a local recovery-environment boot chain abuse on the endpoint in hand.
EDR alone is not enough; the critical actions happen before the normal OS and sensor stack are fully in control.
Simply having Secure Boot enabled is not sufficient if the estate still trusts older vulnerable boot artifacts or has not completed the revocation path.

06 · Verification

Crowdsourced verification payload.

Run this on the target Windows host from an elevated PowerShell session: powershell.exe -ExecutionPolicy Bypass -File .\Test-CVE-2025-48804.ps1. It needs local administrator rights to query BitLocker status cleanly; it checks the installed Windows build against the July 2025 fixed build matrix and prints VULNERABLE, PATCHED, or UNKNOWN with context.

noisgate-verify.ps1

POWERSHELLREAD-ONLYSAFE

# Test-CVE-2025-48804.ps1

# Checks whether the local Windows build is below the known fixed build for CVE-2025-48804.

# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN


$ErrorActionPreference = 'Stop'

function Get-BuildString {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr = [int]$cv.UBR
    return [pscustomobject]@{
        ProductName = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion
        CurrentBuild = $build
        UBR = $ubr
        FullBuild = "$build.$ubr"
    }
}

function Get-BitLockerSummary {
    try {
        $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
        $protectorTypes = @($osVol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
        return [pscustomobject]@{
            ProtectionStatus = $osVol.ProtectionStatus
            EncryptionMethod = $osVol.EncryptionMethod
            KeyProtectors = if ($protectorTypes) { $protectorTypes } else { 'None/Unknown' }
        }
    }
    catch {
        return [pscustomobject]@{
            ProtectionStatus = 'Unknown'
            EncryptionMethod = 'Unknown'
            KeyProtectors = 'Unknown'
        }
    }
}

# Fixed thresholds from NVD/MSRC July 2025 patch line

$thresholds = @{
    10240 = 21073   # Windows 10 1507

    14393 = 8246    # Windows 10/Server 2016 / 1607

    17763 = 7558    # Windows 10 1809 / Server 2019

    19044 = 6093    # Windows 10 21H2

    19045 = 6093    # Windows 10 22H2

    20348 = 3932    # Server 2022

    22621 = 5624    # Windows 11 22H2

    22631 = 5624    # Windows 11 23H2

    25398 = 1732    # Server 2022 23H2

    26100 = 4652    # Windows 11 24H2 / Server 2025

}

try {
    $os = Get-BuildString
    $bl = Get-BitLockerSummary

    Write-Output "Host OS      : $($os.ProductName) $($os.DisplayVersion)"
    Write-Output "Build        : $($os.FullBuild)"
    Write-Output "BitLocker    : ProtectionStatus=$($bl.ProtectionStatus); EncryptionMethod=$($bl.EncryptionMethod); KeyProtectors=$($bl.KeyProtectors)"

    if (-not $thresholds.ContainsKey($os.CurrentBuild)) {
        Write-Output "UNKNOWN - Build $($os.CurrentBuild) is not in the maintained CVE-2025-48804 threshold map. Validate manually against current vendor guidance."
        exit 2
    }

    $fixedUbr = [int]$thresholds[$os.CurrentBuild]

    if ($os.UBR -lt $fixedUbr) {
        Write-Output "VULNERABLE - Installed build $($os.CurrentBuild).$($os.UBR) is below fixed threshold $($os.CurrentBuild).$fixedUbr for CVE-2025-48804."
        exit 1
    }
    else {
        Write-Output "PATCHED - Installed build $($os.CurrentBuild).$($os.UBR) meets or exceeds fixed threshold $($os.CurrentBuild).$fixedUbr for CVE-2025-48804."
        Write-Output "NOTE: This script checks patch level only. Public downgrade research also makes Secure Boot CA 2023 / DBX state and BitLocker protector type operationally important."
        exit 0
    }
}
catch {
    Write-Output "UNKNOWN - Failed to evaluate host: $($_.Exception.Message)"
    exit 2
}

07 · Bottom Line

If you remember one thing.

TL;DR

On Monday, June 1, 2026, split this into two workstreams: first, inventory which endpoints are both unpatched and still using TPM-only BitLocker; second, identify whether your estate actually completed the CA 2023 / Secure Boot revocation path. Because this lands at MEDIUM, there is no noisgate mitigation SLA — go straight to the 365-day remediation window; complete vendor patching by May 28, 2027 under the noisgate remediation SLA, while treating TPM+PIN rollout and CA 2023 hardening as priority hardening for mobile/high-value devices rather than a same-week fire drill.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.