CVE-2025-55332
published 2025-10-14CVE-2025-55332: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
medium4.6CVSS 3.1
AVPACLPRNUINSUCHINAN
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_21h2 | < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_22h2 | < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_11_22h2 | < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_23h2 | < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_24h2 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_25h2 | < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_server_2019 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2022 | < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1913 | 10.0.25398.1913 |
| microsoft | windows_server_2025 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
GHSA
GHSA-m44c-8m5v-q44r: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack
ghsa_unreviewed·2025-10-14
CVE-2025-55332 [MEDIUM] CWE-841 GHSA-m44c-8m5v-q44r: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Microsoft
Windows BitLocker Security Feature Bypass Vulnerability
vendor_msrc·2025-10-14·CVSS 6.1
CVE-2025-55332 [MEDIUM] CWE-841 Windows BitLocker Security Feature Bypass Vulnerability
Windows BitLocker Security Feature Bypass Vulnerability
Description: Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
Windows BitLocker: Windows BitLocker
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.
No detection rules found.
No public exploits indexed.
2025-10-14
Published