CVE-2025-26637

6.8 MEDIUM

📋 TL;DR

This CVE describes a protection mechanism failure in Windows BitLocker that lets an attacker who has physical possession of the device bypass BitLocker's security features without the normal PIN, password or recovery key. It affects Windows systems with BitLocker enabled and can expose the contents of the encrypted volume to whoever holds the hardware.

💻 Affected Systems

Products:
  • Windows BitLocker
Versions: The references collected here do not list the affected Windows builds; take them from the vendor advisory below. Until a host is confirmed patched, treat every Windows system with BitLocker enabled as in scope.
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with BitLocker enabled. Systems without BitLocker or with alternative encryption methods are not vulnerable.

📦 What is this software?

BitLocker is the full-volume encryption feature built into Windows. On TPM-equipped machines its default configuration seals the volume key to the TPM and unlocks the OS volume automatically at boot with no user input, which is why physical-access bypasses matter for it: nothing the user knows is required to get the volume into an unlocked state.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete bypass of BitLocker on a device the attacker holds: every file on the encrypted volume, including cached credentials and secrets, becomes readable without the owner's PIN, password or recovery key.

🟠 Likely Case

Targeted physical attacks on specific high-value devices (a lost or stolen laptop, or brief "evil maid" access to an unattended one) to extract data from the encrypted volume without passing normal authentication.

🟢 If Mitigated

Limited impact where physical security controls are in place and a pre-boot factor (TPM+PIN or TPM+startup key) is required in addition to the TPM.

🌐 Internet-Facing: LOW - This requires physical access to the system, not remote exploitation.
🏢 Internal Only: MEDIUM - Physical access within controlled environments could still pose risks to sensitive systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical access to the target system, which adds logistical complexity despite the technical bypass being potentially straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific patch versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26637

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all available security updates
4. Restart the system when prompted

🔧 Temporary Workarounds

Enable Additional Authentication

windows

Require a second factor beyond the TPM at startup so the volume no longer unlocks for whoever has the hardware. A volume can hold only one TPM-class protector, so delete the existing TPM-only protector first (manage-bde -protectors -delete with -type TPM) after confirming a recovery password exists and is escrowed; then add ONE of the two protectors below. The PIN is prompted for interactively; for the startup key, E: stands for the removable drive that will hold the key file and must be present at every boot. If the PIN command is refused by policy, enable the Group Policy setting "Require additional authentication at startup" and allow a startup PIN with TPM.

manage-bde -protectors -add C: -TPMAndPIN
manage-bde -protectors -add C: -TPMAndStartupKey E:\
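The manage-bde lines above name the protector types; the PowerShell script below is an added example (not taken from the advisory or from Microsoft's documentation) that performs the whole switch from a TPM-only protector to TPM+PIN with the built-in BitLocker module and the safety checks a practitioner wants: it guarantees a recovery password exists before the TPM protector is removed, and it confirms the new protector is present before you reboot. It assumes the volume is C: (the $MountPoint parameter), that Group Policy permits a startup PIN, and that you escrow the printed recovery protector ID before continuing.

```powershell
# Added example, not the advisory's own code: move an OS volume from a
# TPM-only protector to TPM+PIN using the built-in BitLocker module.
# Assumptions: run elevated, volume is C: unless overridden, and Group
# Policy allows a startup PIN with TPM.
#Requires -RunAsAdministrator
param(
    [string]$MountPoint = 'C:'
)

Import-Module BitLocker

$vol = Get-BitLockerVolume -MountPoint $MountPoint
# Only one of these TPM-class protectors can exist on a volume at a time.
$tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

# 1. Never leave the volume without a way back in: make sure a recovery
#    password exists and print its ID so it can be escrowed first.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
}
Write-Host "Recovery protector ID(s): $($recovery.KeyProtectorId -join ', ') - escrow before continuing"

# 2. Collect the PIN as a SecureString (default policy minimum is 6 digits).
$pin = Read-Host -Prompt 'Enter new startup PIN' -AsSecureString

# 3. Remove the existing TPM-class protector, then add TPM+PIN.
$vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -in $tpmTypes } |
    ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
    }

Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

# 4. Confirm before anyone reboots: protection on and TpmPin present.
$after = Get-BitLockerVolume -MountPoint $MountPoint
$after.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId
if ($after.KeyProtector.KeyProtectorType -notcontains 'TpmPin') {
    throw "TpmPin protector missing on $MountPoint; re-add a TPM protector before rebooting"
}
if ($after.ProtectionStatus -ne 'On') {
    Write-Warning "Protection status on $MountPoint is $($after.ProtectionStatus); resume protection before rebooting"
}
```

Run it from an elevated PowerShell session; the next boot will prompt for the PIN. If the Add-BitLockerKeyProtector call fails with a policy error, the volume is left with only the recovery password, so fix the Group Policy setting and re-run rather than rebooting.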

Disable BitLocker

windows

Turning BitLocker off removes the vulnerable unlock path, but manage-bde -off decrypts the entire volume: the data then sits in cleartext for anyone with the same physical access. For data at rest this is strictly worse than an unpatched BitLocker volume and is only defensible for disposable or lab systems. Prefer patching, or the additional-authentication workaround above, on anything that holds real data.

manage-bde -off C:

🧯 If You Can't Patch

  • Implement strict physical security controls: locked storage for unattended devices, asset tracking, and fast reporting of lost or stolen hardware
  • Keep Secure Boot enabled and the firmware settings password-protected, and configure devices to hibernate or shut down rather than sleep when unattended, because a TPM-only volume stays unlocked for as long as the OS is resident in memory
  • Add a pre-boot factor (TPM+PIN or TPM+startup key, as in the workaround above) so that physical possession alone does not unlock the volume

🔍 How to Verify

Check if Vulnerable:

A host is in scope if BitLocker is enabled on any volume (manage-bde -status reports Protection Status: On) and the Windows update that MSRC lists for CVE-2025-26637 is not installed. The references collected here do not give the KB number, so take it from the vendor advisory above and look for it in the installed-update list.

Check Version:

wmic qfe list | findstr KB

wmic is deprecated in current Windows releases and may be absent; the PowerShell Get-HotFix cmdlet returns the same installed-update data, and the OS build number (winver, or the CurrentBuildNumber and UBR registry values) is the more reliable indicator because each cumulative update raises it.

Verify Fix Applied:

Confirm the relevant KB appears among installed updates (or that the OS build is at or above the fixed build named in the advisory), then confirm after the post-update reboot that BitLocker still reports Protection Status: On with the key protectors you expect.
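The checks above are manual; the script below is an added example (not part of the advisory) that collects the same evidence in one pass: per-volume BitLocker state with a flag for TPM-only protectors, the updates installed since a date you supply, and the exact OS build in the form Microsoft prints in KB articles. The -FixedOnOrAfter parameter is an assumption of this example: set it to the release date of the update that MSRC lists for this CVE and compare the HotFixID values against the KBs on the advisory.

```powershell
# Added example, not the advisory's own code: report BitLocker protector
# posture and recent updates so the operator can compare against the MSRC
# advisory. Assumptions: run elevated; -FixedOnOrAfter is supplied by the
# operator from the advisory (the default is a placeholder).
#Requires -RunAsAdministrator
param(
    [datetime]$FixedOnOrAfter = (Get-Date).AddDays(-30)
)

Import-Module BitLocker

function Get-BitLockerPosture {
    Get-BitLockerVolume | ForEach-Object {
        # Protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword
        $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        [pscustomobject]@{
            Volume           = $_.MountPoint
            VolumeType       = $_.VolumeType
            ProtectionStatus = $_.ProtectionStatus
            EncryptionMethod = $_.EncryptionMethod
            Protectors       = ($types -join ',')
            # Only one TPM-class protector can exist, so a bare 'Tpm' entry
            # means the volume unlocks with no user secret at boot.
            TpmOnly          = ($types -contains 'Tpm')
        }
    }
}

function Get-RecentUpdates([datetime]$Since) {
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn
}

function Get-OsBuild {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        ProductName = $cv.ProductName
        DisplayVer  = $cv.DisplayVersion
        Build       = "$($cv.CurrentBuildNumber).$($cv.UBR)"   # e.g. 26100.3775 style
    }
}

'== BitLocker posture =='
Get-BitLockerPosture | Format-Table -AutoSize

"== Updates installed on or after $($FixedOnOrAfter.ToShortDateString()) =="
$recent = Get-RecentUpdates -Since $FixedOnOrAfter
if ($recent) { $recent | Format-Table -AutoSize }
else { Write-Warning 'No updates installed since that date; treat the host as unpatched' }

'== OS build (compare with the fixed build on the advisory) =='
Get-OsBuild | Format-List
```

A volume that shows TpmOnly = True and no HotFixID matching the advisory's KB is the combination to escalate. Get-HotFix reads Win32_QuickFixEngineering, which occasionally omits entries, so when the two disagree trust the build number.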

📡 Detection & Monitoring

Log Indicators:

  • Key protector changes (protectors added or removed, protection suspended or turned off) and volume encryption state changes, which Windows records in the Microsoft-Windows-BitLocker/BitLocker Management channel
  • Unexpected recovery-mode boots, that is, the recovery password being used on a device where a silent TPM unlock was expected
  • Caveat: pre-boot PIN or startup-key failures happen before Windows starts and are not written to any event log; the TPM's own anti-hammering lockout is the only control at that stage, so "multiple failed authentication attempts" will not show up in a SIEM

Network Indicators:

  • Not applicable - this is a physical access attack

SIEM Query:

LogName="Microsoft-Windows-BitLocker/BitLocker Management" OR (LogName="System" AND ProviderName="*BitLocker*") | stats count by EventID

Note: Event IDs 4104 and 4105 are PowerShell script block logging events and carry no BitLocker information; a query keyed on them will not detect anything related to this CVE. Baseline the per-EventID counts from the channels above and alert on new IDs or on protector changes outside change windows.
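To see what the BitLocker channels actually contain on a given host before writing SIEM rules, the script below is an added example (not part of the advisory) that pulls the last few days of events from the BitLocker Management channel and any BitLocker-named provider in the System log, summarises them by event ID with a sample message, and then lists them newest first for triage. The -Days parameter and the System-log provider filter are assumptions of this example; the channel name Microsoft-Windows-BitLocker/BitLocker Management is the real one.

```powershell
# Added example, not the advisory's own code: summarise BitLocker-related
# events by ID so protector changes and recovery boots can be baselined.
# Assumptions: run elevated; -Days is chosen by the operator.
#Requires -RunAsAdministrator
param([int]$Days = 7)

$since = (Get-Date).AddDays(-$Days)
$channels = @(
    'Microsoft-Windows-BitLocker/BitLocker Management',   # BitLocker-API: encryption, protector, backup events
    'System'                                              # filtered below to BitLocker-named providers
)

function Get-BitLockerEvents([datetime]$StartTime) {
    foreach ($log in $channels) {
        try {
            Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $StartTime } -ErrorAction Stop |
                Where-Object { $log -ne 'System' -or $_.ProviderName -like '*BitLocker*' }
        } catch {
            # Get-WinEvent throws when nothing matches; that is an empty result, not a failure
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$log : $($_.Exception.Message)"
            }
        }
    }
}

$events = @(Get-BitLockerEvents -StartTime $since)

"== $($events.Count) BitLocker-related events since $since =="

# Frequency table: an ID you have never seen, or a protector-change ID
# outside a change window, is what deserves a look.
$events | Group-Object LogName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Sample'; e = { ($_.Group[0].Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Full detail, newest first, one line per event
$events | Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, LogName, Id, ProviderName,
                  @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

Run it once on a healthy, freshly patched machine to capture the normal set of IDs, then again on any device that came back from an unexplained recovery prompt; the difference between the two frequency tables is the starting point for the SIEM rule.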

🔗 References

  • Microsoft Security Response Center, CVE-2025-26637: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26637
