CVE-2025-10010 – CryptoPro Secure Disk for BitLocker Integrity Validation Bypass

“Weak integrity checks let attackers alter critical boot files and seize root control before BitLocker unlocks the drive.”

This update addresses CVE-2025-10010, a medium severity vulnerability with a CVSS v3 score of 6.8. The issue affects CryptoPro Secure Disk for BitLocker, which uses a Linux-based pre-boot environment to authenticate users before decrypting the Windows partition. The Linux component resides on an unencrypted partition. Because certain configuration files were not properly validated by the Integrity Measurement Architecture (IMA), an attacker with physical access could modify those files and execute arbitrary code with root privileges before BitLocker unlocks the system.

Successful exploitation requires physical access but no prior authentication or privileges. An attacker could implant malicious code, tamper with the boot process, or compromise sensitive data before the operating system loads. There are no confirmed reports of active exploitation in the wild at this time.

The vulnerability is resolved in CryptoPro Secure Disk versions 7.6.6 and 7.7.1, which strengthen integrity validation controls in the pre-boot environment.

Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.

CVE-2025-10010 – CryptoPro Secure Disk for BitLocker Integrity Validation Bypass

Stay Tuned

PLATFORM

SOLUTIONS

RESOURCES

COMPANY

LEGAL

CONTACTS

+1-346-444-8530

Toll Free: 833-444-8530

708 Main St, 10th FL, Houston, TX 77002