CVE-2025-55337

Published Oct 14, 2025

Last updated 19 hours ago

Windows BitLocker

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-55337 is a vulnerability in Windows BitLocker. It stems from an improper enforcement of behavioral workflow. This vulnerability allows an unauthorized attacker to bypass a security feature through a physical attack.

Description: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_11_24h2, windows_11_25h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.6
Impact score: 3.6
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

secure@microsoft.com: CWE-841

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
            "versionEndExcluding": "10.0.26100.6899"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
            "versionEndExcluding": "10.0.26200.6899"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
            "versionEndExcluding": "10.0.26100.6899"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.