CVE-2025-55333

Published Oct 14, 2025

Last updated 20 hours ago

Windows BitLocker

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-55333 refers to multiple vulnerabilities. One CVE record describes a stored cross-site scripting (XSS) vulnerability in the Knowledge Base plugin for WordPress. The vulnerability exists in all versions up to and including 2.3.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses the injected page. Another CVE record refers to a BitLocker Security Bypass via Physical Access. Additionally, CVE-2025-55333 is also associated with a Windows Kernel vulnerability. Finally, there is another CVE record where remote attackers can execute arbitrary code in the context of the vulnerable service process.

Description: Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.6
Impact score: 3.6
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

secure@microsoft.com: CWE-1023

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD",
            "versionEndExcluding": "10.0.10240.21161"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219",
            "versionEndExcluding": "10.0.14393.8519"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA",
            "versionEndExcluding": "10.0.17763.7919"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
            "versionEndExcluding": "10.0.19044.6456"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
            "versionEndExcluding": "10.0.19045.6456"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
            "versionEndExcluding": "10.0.22621.6060"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
            "versionEndExcluding": "10.0.22631.6060"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
            "versionEndExcluding": "10.0.26100.6899"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
            "versionEndExcluding": "10.0.26200.6899"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
            "versionEndExcluding": "10.0.14393.8519"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
            "versionEndExcluding": "10.0.17763.7919"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
            "versionEndExcluding": "10.0.20348.4294"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
            "versionEndExcluding": "10.0.25398.1913"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
            "versionEndExcluding": "10.0.26100.6899"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.