CVE-2025-48804

Published Jul 8, 2025

Last updated 10 months ago

CVSS medium 6.8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48804 is a vulnerability found in Windows BitLocker that enables an unauthorized attacker to bypass a security feature through a physical attack. This bypass occurs due to the system's acceptance of extraneous untrusted data alongside trusted data. More specifically, this vulnerability can be exploited by leveraging Windows Recovery Environment (WinRE) app trust validation. An attacker can utilize the pre-registered `SetupPlatform.exe` to gain persistent command-line access through keyboard shortcuts, thereby circumventing BitLocker's protections.

Description
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
6.8
Impact score
5.9
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-349

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

7

  1. ⏱️ تجاوز BitLocker في أقل من 5 دقائق CVE-2025-48804 – Downgrade Attack في يوليو 2025، فريق Microsoft STORM كشف سلسلة هجوم كاملة ضد BitLocker عبر WinRE. الفكرة: الـ Boot Manager يتحقق من WIM شرعي،

    @alhaithem

    8 May 2026

    227 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. ⏱️ Bypassing BitLocker in under 5 min CVE-2025-48804 – Downgrade Attack في يوليو 2025، فريق Microsoft STORM كشف سلسلة هجوم كاملة ضد BitLocker عبر WinRE. الفكرة: الـ Boot Manager يتحقق من WIM شرعي، لكن عند

    @alhaithem

    8 May 2026

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. اكتشاف طريقة لتجاوز Bitlocker في أقل من 5 دقائق باستخدام هجوم تخفيض الإصدار على CVE-2025-48804. A method has been discovered to bypass Bitlocker in under 5 minutes using a downgrade attack on CVE-2025-48804. This highlights

    @fad_777

    8 May 2026

    243 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. Bypassing Bitlocker under 5 min using downgrade attack on CVE-2025-48804 https://t.co/Zx8vVKRuF2

    @Dinosn

    8 May 2026

    3211 Impressions

    16 Retweets

    38 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  5. BitLockerを迂回しデータを抽出する複数のゼロデイ脆弱性BitUnlockerについて。マイクロソフト自社発見。CVE-2025-48800, CVE-2025-48003, CVE-2025-48804, CVE-2025-48818。Windows回復環境(WinRE)が悪い。7月の定例更新で修正。TPM+PIN

    @__kokumoto

    11 Aug 2025

    2488 Impressions

    18 Retweets

    42 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.CVE-2026-33829
  2. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.CVE-2026-33827
  3. Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.CVE-2026-33826
  4. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  5. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.CVE-2026-33104

References

Sources include official advisories and independent security research.