A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt protected volumes on patched Windows 11 machines in under 5 minutes by exploiting a crucial gap between patching and certificate revocation.
The attack is rooted in CVE-2025-48804, one of four critical zero-day vulnerabilities discovered by Microsoft’s Security Testing & Offensive Research (STORM) team and patched during July 2025’s Patch Tuesday.
According to Intrinsec research, the flaw resides in the Windows Recovery Environment (WinRE) and involves the System Deployment Image (SDI) file mechanism.
When the boot manager loads a legitimate WIM (Windows Imaging Format) file referenced by an SDI for integrity verification, it simultaneously allows a second, attacker-controlled WIM to be appended to the SDI’s blob table.
The boot manager verifies the first (legitimate) WIM but actually boots from the second, which contains a WinRE image modified to launch cmd.exe with the BitLocker volume already decrypted and mounted.
Microsoft shipped a patched bootmgfw.efi binary for all supported systems via Windows Update in July 2025. However, the patch alone does not close the attack surface.
BitUnlocker Downgrade Attack on Windows 11
The critical weakness enabling the BitUnlocker attack is not a missing patch; it is an unrevoked signing certificate.
Secure Boot validates a binary’s signing certificate, not its version number. The legacy Microsoft Windows PCA 2011 certificate, used to sign all boot managers prior to the July 2025 fix, remains trusted in the Secure Boot databases of virtually all machines currently in use, unless a fresh Windows installation was performed after early 2026.
This means a pre-patch bootmgfw.efi, signed under PCA 2011, is still considered completely valid by Secure Boot despite being vulnerable.
Mass revocation of PCA 2011 poses a significant operational challenge for Microsoft, as it would affect a wide range of legitimate signed binaries across the ecosystem.
Building on the original STORM research and prior work on the “bitpixie” downgrade exploit, researchers developed a working PoC that chains these weaknesses into a sub-five-minute attack.
According to Intrinsec, the attacker requires only physical access to the target workstation, a USB drive or PXE boot server, and no specialized hardware.
The attack proceeds as follows: the attacker prepares a modified BCD (Boot Configuration Data) file pointing to a tampered SDI and serves an old, vulnerable PCA 2011-signed boot manager via USB or PXE boot.
The target machine loads the pre-patch boot manager, which passes Secure Boot validation normally.
The TPM releases the BitLocker Volume Master Key without triggering any alerts, because PCR measurements 7 and 11 remain valid under the trusted PCA 2011 certificate. The result: a command prompt opens with the OS volume fully decrypted and mounted.
Systems running TPM-only BitLocker (without a PIN) whose Secure Boot database still trusts PCA 2011 are fully vulnerable.
Machines configured with TPM + PIN are protected, as the TPM will not unseal the VMK without user interaction during pre-boot authentication.
Systems that have completed the KB5025885 migration, moving the boot manager signature to the newer Windows UEFI CA 2023 certificate, are also protected against this downgrade path.
Mitigations
Security teams should take the following actions immediately:
- Enable TPM + PIN pre-boot authentication — the single most effective control, preventing TPM from releasing the VMK during any manipulated boot sequence.
- Deploy KB5025885 — this Microsoft update migrates boot manager signing to CA 2023 and introduces revocation controls that eliminate the downgrade path.
- Verify boot manager certificate — mount the EFI partition and use sigcheck to confirm the active bootmgfw.efi is signed under CA 2023, not the legacy PCA 2011.
- Remove the WinRE recovery partition on high-security workloads where pre-boot authentication cannot be enforced, minimizing the attack surface exposed to this class of exploit.
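The checks in the list above can be run from one PowerShell audit script. The script below is an added example written for this article; it is not from the Intrinsec write-up, the STORM research, or the BitUnlocker PoC. It assumes it is run as Administrator, that the EFI System Partition can be mounted on the unused drive letter S: with mountvol, that the BitLocker and SecureBoot PowerShell modules are present, and that the signer chain of bootmgfw.efi names either "Microsoft Windows Production PCA 2011" or "Windows UEFI CA 2023" (the certificate names as Microsoft publishes them; the substring matches below are an assumption). It reports the three conditions the article identifies: which CA signed the active boot manager, whether the Secure Boot db still trusts PCA 2011 without a matching dbx revocation, and whether the OS volume's BitLocker protector requires a PIN before the TPM unseals the VMK.

```powershell
#Requires -RunAsAdministrator
# Added audit script (not code from the original article or the PoC).
# Assumptions: S: is free for the ESP mount; certificate common names contain
# "PCA 2011" / "Windows UEFI CA 2023"; BitLocker and SecureBoot modules are available.
$ErrorActionPreference = 'Stop'

function Get-BootManagerSigner {
    # Mounts the EFI System Partition, reads the Authenticode signer of the
    # active bootmgfw.efi and returns 'CA2023', 'PCA2011' or 'Unknown'.
    param([string]$EspDrive = 'S:')
    $mountedHere = $false
    if (-not (Test-Path "$EspDrive\")) {
        & mountvol $EspDrive /S | Out-Null      # /S mounts the EFI System Partition
        $mountedHere = $true
    }
    try {
        $bootmgr = Join-Path $EspDrive 'EFI\Microsoft\Boot\bootmgfw.efi'
        $sig = Get-AuthenticodeSignature -FilePath $bootmgr
        if ($null -eq $sig.SignerCertificate) { return 'Unknown' }
        # The leaf cert is issued by the CA we care about, so check Issuer and Subject.
        $names = @($sig.SignerCertificate.Subject, $sig.SignerCertificate.Issuer)
        if ($names -match 'Windows UEFI CA 2023') { return 'CA2023' }
        if ($names -match 'PCA 2011')             { return 'PCA2011' }
        return 'Unknown'
    }
    finally {
        if ($mountedHere) { & mountvol $EspDrive /D | Out-Null }   # unmount again
    }
}

function Get-SecureBootTrustState {
    # Reads the UEFI 'db' (allowed signers) and 'dbx' (revoked) variables.
    # The downgrade path stays open while PCA 2011 is in db and not in dbx.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
    [pscustomobject]@{
        TrustsCA2023   = [bool]($db  -match 'Windows UEFI CA 2023')
        TrustsPCA2011  = [bool]($db  -match 'Microsoft Windows Production PCA 2011')
        RevokedPCA2011 = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')
    }
}

function Get-PreBootAuthState {
    # Lists the key protectors on the OS volume. TpmPin / TpmPinStartupKey mean
    # the TPM will not unseal the VMK without user input at boot.
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        ProtectionStatus = [string]$vol.ProtectionStatus
        KeyProtectors    = ($types -join ',')
        RequiresPin      = [bool]($types -match '^TpmPin')
    }
}

# --- Summary: one line per condition, plus an overall exposure verdict ---
$signer = Get-BootManagerSigner
$trust  = Get-SecureBootTrustState
$auth   = Get-PreBootAuthState

# Exposed when PCA 2011 is still accepted by Secure Boot and no PIN gates the TPM.
# Note that a CA 2023-signed active boot manager alone does not close the path:
# Secure Boot validates the certificate, not the version, so an old PCA 2011 binary
# served from USB/PXE still loads until PCA 2011 is revoked.
$exposed = $trust.TrustsPCA2011 -and -not $trust.RevokedPCA2011 -and -not $auth.RequiresPin

[pscustomobject]@{
    ActiveBootManagerSigner = $signer
    SecureBootTrustsCA2023  = $trust.TrustsCA2023
    SecureBootTrustsPCA2011 = $trust.TrustsPCA2011
    PCA2011RevokedInDbx     = $trust.RevokedPCA2011
    BitLockerProtection     = $auth.ProtectionStatus
    KeyProtectors           = $auth.KeyProtectors
    PreBootPinRequired      = $auth.RequiresPin
    DowngradeExposed        = $exposed
} | Format-List
```

Treat `DowngradeExposed = True` as the actionable finding: it means the machine will accept a pre-patch PCA 2011-signed boot manager and the TPM will release the VMK without a PIN. The db/dbx string matching follows the approach Microsoft's KB5025885 guidance uses to check deployment state; if your firmware stores the variables in a form where the ASCII match fails, fall back to the certificate check on the mounted ESP, which is the part of the article's list that sigcheck covers.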
The PoC is publicly available on GitHub, raising the urgency for enterprise defenders to audit their BitLocker configurations and accelerate CA 2023 migration before opportunistic attackers operationalize this technique in targeted intrusions.