CVE-2025-10010 – CVE-2025-10010 is a configuration file integrit... (How to Fix)

Q: What is the severity of CVE-2025-10010?

CVE-2025-10010 has a CVSS score of 6.8 (MEDIUM). CVE-2025-10010 is a configuration file integrity bypass vulnerability in CryptoPro Secure Disk (CPSD) that allows attackers with physical access to modify unvalidated Linux configuration files. This enables arbitrary code execution as root during the pre-boot authentication phase, potentially compromising the entire Windows BitLocker encryption system. Organizations using CPSD for disk encryption are affected.

📋 TL;DR

CVE-2025-10010 is a configuration file integrity bypass vulnerability in CryptoPro Secure Disk (CPSD) that allows attackers with physical access to modify unvalidated Linux configuration files. This enables arbitrary code execution as root during the pre-boot authentication phase, potentially compromising the entire Windows BitLocker encryption system. Organizations using CPSD for disk encryption are affected.

💻 Affected Systems

Products:

CryptoPro Secure Disk (CPSD)

Versions: All versions prior to patch (specific version information not provided in CVE)

Operating Systems: Windows systems using CPSD with Linux pre-boot environment

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where CPSD is installed and configured with the vulnerable Linux pre-boot authentication component.

📦 What is this software?

Cryptopro Secure Disk by Cpsd

View all CVEs affecting Cryptopro Secure Disk →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attackers install persistent backdoors, capture encryption keys, and access all encrypted data while bypassing authentication mechanisms.

🟠

Likely Case

Attackers with brief physical access modify configuration files to capture credentials or encryption keys, leading to data exfiltration from encrypted drives.

🟢

If Mitigated

With proper physical security controls and monitoring, attackers cannot access systems physically, preventing exploitation entirely.

🌐 Internet-Facing: LOW - This vulnerability requires physical access to the storage device and cannot be exploited remotely.

🏢 Internal Only: MEDIUM - Insider threats or unauthorized personnel with physical access to devices could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical access to modify files on the unencrypted Linux partition, but no authentication is needed once physical access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check vendor advisory

Vendor Advisory: https://r.sec-consult.com/cpsd

Restart Required: Yes

Instructions:

1. Monitor vendor website for security updates. 2. Apply patches when available. 3. Reboot systems after patching.

🔧 Temporary Workarounds

Physical Security Enhancement

all

Strengthen physical access controls to prevent unauthorized access to devices

Disk Removal Monitoring

all

Implement monitoring for unauthorized physical removal or tampering with storage devices

🧯 If You Can't Patch

Implement strict physical security controls including locked cabinets, access logs, and surveillance for all devices using CPSD.
Consider alternative full-disk encryption solutions that don't have this vulnerability while waiting for patches.

🔍 How to Verify

Check if Vulnerable:

Check if CPSD is installed and review the Linux pre-boot partition for IMA configuration file validation gaps.

Check Version:

Check CPSD version through vendor documentation or installed application information.

Verify Fix Applied:

After vendor patch, verify that configuration files are now included in IMA measurement and validation checks.

📡 Detection & Monitoring

Log Indicators:

Unexpected modifications to Linux pre-boot partition files
IMA measurement failures for configuration files
Authentication anomalies during pre-boot phase

Network Indicators:

No network indicators - physical access required

SIEM Query:

Search for file modification events on CPSD Linux partition or IMA measurement failures

📊 Metadata

CVE ID: CVE-2025-10010

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-353

Published: February 24, 2026

Last Updated: February 26, 2026

🔗 References

https://r.sec-consult.com/cpsd Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10010, you might also want to check these: