"BitUnlocker" full-volume encryption bypass found by Microsoft researchers

Microsoft's own security researchers uncovered a set of of vulnerabilities in the Windows Recovery Environment (WinRE), one of which could have allowed attackers with direct physical device access to permanently bypass BitLocker encryption entirely.

The research, conducted by Microsoft's Security Testing and Offensive Research at Microsoft (STORM) team, uncovered four distinct attack vectors that exploited the trust relationship between BitLocker and WinRE.

STORM researchers Netanel Ben Simon and Alon Leviev named their work BitUnlocker.

BitLocker is aimed at protecting data on disk in the event of device loss, theft or seizure, by using strong encryption of storage volumes.

It relies on WinRE for recovery operations for when encryption fails, or becomes corrupted.

To enable this functionality, Microsoft implemented architectural changes that inadvertently created new attack surfaces accessible to anyone who could physically restart a machine and boot into recovery mode.

The core issue stemmed from WinRE's "auto-unlock" state, where the recovery environment gains full access to encrypted volumes during legitimate recovery operations.

"This parsing presents a very interesting attack surface, which wasn't valuable to explore before BitLocker's introduction," the researchers wrote in their detailed technical analysis.

A BitLocker attacker can directly boot into WinRE by holding the Shift key while selecting "Restart" from the logon screen.

The first discovered flaw, was assigned the CVE-2025-48804 index.

It exploits how WinRE processes System Deployment Image (SDI) files during boot.

Researchers found they could append malicious Windows images to legitimate Boot.sdi files whilst manipulating offset pointers to bypass integrity verification.

The attack worked because the system verified the hash of the original WIM file on disk rather than the one actually being executed.

This allowed attackers to boot untrusted recovery environments that inherited full access to encrypted volumes.

A further two separate vulnerabilities in ReAgent.xml parsing provided alternative standalone attack paths for gaining command-line access with BitLocker auto-unlock privileges.

CVE-2025-48800 exploited the "Offline Scanning" scheduled operation feature, which was designed to run antivirus scans against encrypted volumes from within WinRE.

STORM researchers discovered that tttracer.exe, a legitimate time-travel step-by-step debugging utility signed by Microsoft, could be abused to proxy-execute arbitrary commands without triggering re-lock functionality.

The cmd.exe command prompt, when launched through tttracer.exe, inherits WinRE's special permission to access encrypted volumes, allowing attackers to browse and copy supposedly protected BitLocker data, the researchers found.

A second ReAgent.xml vulnerability, CVE-2025-48003, targetted the SetupPlatform.exe application, which remains in the system's trusted app registry after Windows upgrades.

This application registers a Shift+F10 hotkey sequence that launches a command prompt without re-locking encrypted volumes.

By manipulating configuration files on the recovery volume, attackers could create an infinite time window for triggering this hotkey combination.

Complete volume decryption exploit devised

With "all the pieces required" the STORM researchers assembled a full BitLocker bypass exploit chain.

Creating the most severe vulnerability, CVE-2025-48818, they were able to achieve complete decryption of BitLocker-protected volumes through manipulation of Boot Configuration Data (BCD) stores.

This represents the full exploit chain that combines multiple techniques for the most devastating attack outcome.

Researchers exploited inconsistencies in how Windows enumerates disk volumes, allowing them to place malicious BCD stores on recovery partitions that would be processed before legitimate ones.

This "target OS location impersonation primitive" tricked WinRE into treating attacker-controlled volumes as trusted encrypted systems.

The team chained this with Push Button Reset functionality, which includes a "DecryptVolume" directive designed for legitimate system recovery operations.

"Once PBR completes its process, BitLocker secrets become freely accessible, as BitLocker was disabled by PBR," the researchers demonstrated.

To mitigate against vulnerabilities like the above, Microsoft recommends enabling Trusted Platform Module (TPM) hardware chip with personal identification number (PIN) authentication for pre-boot verification.

Doing so reduces attack surfaces by by forcing attackers to focus on the TPM hardware itself, eliminating software-based attacks.

The company also advises implementing REVISE mitigation to prevent BitLocker downgrade attacks that could reintroduce known vulnerabilities.

All four vulnerabilities were patched in Microsoft's July 2025 Patch Wednesday, with STORM  presentations of the flaws held at the Black Hat USA 2025 and DEF CON 33 security conferences in Las Vegas.