CVE-2025-55330: 
vulnerability analysis and mitigation

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. The vulnerability, identified as CVE-2025-55330, affects multiple versions of Windows including Windows Server 2022 23h2, Windows 11 (22h2, 23h2, 24h2, 25h2), and Windows Server 2025 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (MEDIUM) by NIST with vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Microsoft assessed it with a score of 6.1 (MEDIUM) and vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. The vulnerability is classified under CWE-841 (Improper Enforcement of Behavioral Workflow) (NVD).

The vulnerability allows an unauthorized attacker with physical access to bypass BitLocker security features, potentially compromising the confidentiality and integrity of protected data (NVD).

Microsoft has released security updates to address this vulnerability. Affected systems should be updated to versions Windows Server 2022 23h2 10.0.25398.1913 or later, Windows 11 22h2 10.0.22621.6060 or later, Windows 11 23h2 10.0.22631.6060 or later, Windows 11 24h2 10.0.26100.6899 or later, Windows 11 25h2 10.0.26200.6899 or later, and Windows Server 2025 10.0.26100.6899 or later (NVD).