Researchers from the security company Intrinsec recently presented a tool called "BitUnlocker" that bypasses Windows 11 BitLocker disk encryption in under five minutes on systems that use the default TPM-only (Trusted Platform Module) protector. The tool relies on a downgrade attack: it exploits the gap between the point at which a vulnerable boot component is patched and the point at which the certificate that signed the old version is actually revoked. By loading older components that Secure Boot still trusts, it ultimately unlocks a BitLocker-protected volume.

The attack is tied to CVE-2025-48804, a flaw in the way the Windows Recovery Environment (WinRE) processes System Deployment Image (SDI) files, which Microsoft patched in July 2025. The researchers point out, however, that patching the vulnerable component alone is not enough: as long as the certificate that signed the old, vulnerable version is still trusted by the system, the patch can be sidestepped by downgrading to that version.

Judging from its preconditions, BitUnlocker is not a remote attack tool: the attacker must first gain physical access to the target device. For example, an attacker can boot from a prepared USB flash drive and hand the Windows Boot Manager a properly formatted, signed Windows Image (WIM) file that passes the boot-time integrity check but also carries a malicious payload. Once the system has verified the "clean" image, it proceeds to run the code inside it without any further check, which gives the attacker access to the decrypted volume.

The crux is the slack in the certificate trust chain. Microsoft's older Microsoft Windows Production PCA 2011 certificate is still trusted by Secure Boot on virtually every system, and that gives attackers room to downgrade: they can load an older boot manager binary that contains a known vulnerability, and because that binary is signed under PCA 2011 it still passes Secure Boot signature verification and is executed as a legitimate component.

This is a stark warning for ordinary PC users and enthusiasts who rely solely on the default TPM-only configuration for BitLocker. The TPM does not check certificates itself; it records measurements of the boot process into its PCRs, and BitLocker on a Secure Boot system binds the Volume Master Key by default to PCR 7, which reflects the Secure Boot policy, including which db certificate authenticated the boot manager, rather than to a hash of the boot manager binary. When the downgraded legacy boot manager runs, it is authenticated by the same, still-trusted PCA 2011 entry as the patched one, so PCR 7 ends up with the expected value. From the TPM's perspective the environment "looks normal", it unseals the Volume Master Key without complaint, and nothing in the chain raises an alarm.
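To make the measurement argument above concrete, here is an added illustration (not part of BitUnlocker or the researchers' work) that models a simplified measured boot in PowerShell. It extends a pretend PCR 4 (hash of the boot manager code) and PCR 7 (Secure Boot policy plus the db entry that authenticated the boot manager) for a patched and a downgraded boot manager, both signed under the same CA, and then repeats the downgrade after the CA has been revoked. The binaries, CA names and digests are made-up placeholders, not real TPM event log values; the Secure Boot state is modeled as plain string lists. The code shows that PCR 7 is identical for both binaries while PCR 4 differs, and that the old binary no longer boots at all once its signer is in dbx.

```powershell
# Added illustration, not code from the original page or the BitUnlocker tool:
# a simplified model of PCR 4 / PCR 7 extension to show why a boot manager
# downgrade signed by the same CA leaves PCR 7 unchanged. All binaries,
# certificates and digests below are made-up placeholders.

$sha = [System.Security.Cryptography.SHA256]::Create()

function Get-Digest([string]$Text) {
    $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
}

function Extend-Pcr([byte[]]$Pcr, [byte[]]$Digest) {
    # TPM 2.0 PCR extend: PCR_new = SHA256(PCR_old || Digest)
    $sha.ComputeHash([byte[]]($Pcr + $Digest))
}

function ConvertTo-Hex([byte[]]$Bytes) {
    ($Bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Simulate-Boot {
    param(
        [string]$BootManager,   # identifies the exact binary; stands in for its PE hash
        [string]$Signer,        # CA whose db entry authenticates the binary
        [string[]]$Db,          # Secure Boot db (allowed signers), modeled as names
        [string[]]$Dbx          # Secure Boot dbx (revoked signers), modeled as names
    )
    # Firmware rejects a revoked or unknown signer before anything is measured or run.
    if ($Dbx -contains $Signer -or $Db -notcontains $Signer) {
        return [pscustomobject]@{ Booted = $false; PCR4 = $null; PCR7 = $null }
    }
    $zero = New-Object byte[] 32
    # PCR 7: Secure Boot policy (variables) followed by the db entry that
    # actually authenticated the boot manager. The binary itself is not measured here.
    $pcr7 = Extend-Pcr $zero (Get-Digest 'SecureBoot=1')
    $pcr7 = Extend-Pcr $pcr7 (Get-Digest ('db=' + ($Db -join ',')))
    $pcr7 = Extend-Pcr $pcr7 (Get-Digest ('dbx=' + ($Dbx -join ',')))
    $pcr7 = Extend-Pcr $pcr7 (Get-Digest ('authority=' + $Signer))
    # PCR 4: hash of the boot manager code, so it changes with every binary.
    $pcr4 = Extend-Pcr $zero (Get-Digest ('pe-hash=' + $BootManager))
    [pscustomobject]@{ Booted = $true; PCR4 = (ConvertTo-Hex $pcr4); PCR7 = (ConvertTo-Hex $pcr7) }
}

$pca2011  = 'Microsoft Windows Production PCA 2011'
$legacyDb = @($pca2011)

# Patched boot manager versus an older, vulnerable one, both signed under PCA 2011.
$patched   = Simulate-Boot 'bootmgfw-patched' $pca2011 $legacyDb @()
$downgrade = Simulate-Boot 'bootmgfw-old'     $pca2011 $legacyDb @()
"PCR 7 identical after downgrade: $($patched.PCR7 -eq $downgrade.PCR7)"
"PCR 4 identical after downgrade: $($patched.PCR4 -eq $downgrade.PCR4)"

# After the KB5025885 migration: Windows UEFI CA 2023 in db, PCA 2011 revoked via dbx.
$newDb  = @('Windows UEFI CA 2023')
$newDbx = @($pca2011)
$blocked = Simulate-Boot 'bootmgfw-old' $pca2011 $newDb $newDbx
"Legacy boot manager still boots after revocation: $($blocked.Booted)"
```

The model deliberately leaves PCR 4 out of the unseal decision, because that is what the default BitLocker profile on a Secure Boot machine does: sealing to PCR 7 is what lets Windows update the boot manager without triggering recovery, and it is exactly the property the downgrade abuses.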

For now, the main barrier in this attack chain is still the need for physical access to the device. Systems configured with TPM plus a pre-boot PIN are largely out of reach for a tool like BitUnlocker: the TPM will not release the key until the user has entered the PIN, so unless the PIN has leaked, a physical attacker cannot complete the downgrade and obtain the decryption key.

In addition, devices that have applied the KB5025885 update and moved their Secure Boot trust chain to the newer Windows UEFI CA 2023 certificate, with the old PCA 2011 certificate revoked, essentially close this downgrade path: legacy boot components signed under PCA 2011 are no longer trusted and cannot serve as an entry point. The researchers urge users and enterprises to check as soon as possible whether their systems have completed the relevant updates and, where circumstances allow, to enable additional protections such as a pre-boot PIN to reduce the risk from physical attacks.
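The checks the researchers recommend can be scripted. The following is an added example written for this page, not code from the researchers or from the BitUnlocker project. It is meant to be run from an elevated PowerShell prompt on the machine being audited: it reports whether Secure Boot is on, whether Windows UEFI CA 2023 is in db and PCA 2011 is in dbx (the same substring test over the raw variable bytes that Microsoft's KB5025885 guidance uses), and whether the operating-system volume is protected by a TPM-only key protector. The `Add-BitLockerKeyProtector` line in the final warning is remediation guidance, assumed to be permitted by the local "Require additional authentication at startup" policy.

```powershell
#Requires -RunAsAdministrator
# Added audit script for the conditions described on this page; not part of
# the original page or the BitUnlocker tool. Run from an elevated prompt.

function Get-SecureBootVarText([string]$Name) {
    # db/dbx are binary EFI_SIGNATURE_LISTs. The CA subject name is embedded as
    # ASCII inside each X.509 DER blob, so a substring search over the raw
    # bytes is enough to tell whether a given CA is present.
    [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name $Name).Bytes)
}

function Test-BootTrustState {
    $db  = Get-SecureBootVarText db
    $dbx = Get-SecureBootVarText dbx
    [pscustomobject]@{
        SecureBootEnabled     = Confirm-SecureBootUEFI
        WindowsUefiCa2023InDb = ($db  -match 'Windows UEFI CA 2023')
        Pca2011Revoked        = ($dbx -match 'Microsoft Windows Production PCA 2011')
    }
}

function Test-BitLockerProtectors {
    foreach ($vol in Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }) {
        # Protector types of interest: Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey, RecoveryPassword
        $types = @($vol.KeyProtector.KeyProtectorType | ForEach-Object { $_.ToString() })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            TpmOnly          = ($types -contains 'Tpm') -and -not $hasPin
        }
    }
}

$trust = Test-BootTrustState
$trust | Format-List
$protectors = @(Test-BitLockerProtectors)
$protectors | Format-Table -AutoSize

if (-not $trust.SecureBootEnabled) {
    Write-Warning 'Secure Boot is disabled; the PCR 7 binding this page discusses is not in effect.'
}
if (-not ($trust.WindowsUefiCa2023InDb -and $trust.Pca2011Revoked)) {
    Write-Warning 'PCA 2011 is still trusted or the 2023 CA is missing: the downgrade path remains open. Apply the KB5025885 steps.'
}
if ($protectors | Where-Object TpmOnly) {
    Write-Warning 'OS volume uses a TPM-only protector. To require a pre-boot PIN (policy must allow it):'
    Write-Warning '  Add-BitLockerKeyProtector -MountPoint C: -TpmAndPinProtector -Pin (Read-Host -AsSecureString "PIN")'
}
```

Note that `Get-SecureBootUEFI` and `Confirm-SecureBootUEFI` fail on a machine booted in legacy BIOS mode, and that adding a PCA 2011 entry to dbx before the boot manager has been re-signed under the 2023 CA will make the machine unbootable, which is why the KB5025885 steps have to be applied in order.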

Learn more:

https://github.com/garatc/BitUnlocker