CVE-2025-48818 is a security feature bypass vulnerability in Windows BitLocker. The flaw stems from a time-of-check to time-of-use (TOCTOU) race condition, which could allow an attacker with physical access to a target system to bypass BitLocker encryption and access protected data.
Although no public exploit code has been released, Microsoft has assessed the vulnerability as likely to be exploited. The issue is particularly concerning for organizations that rely on BitLocker to safeguard sensitive information on portable or unattended devices. Because exploitation requires physical access, devices used by remote workers are more susceptible to this attack, so patching should be prioritized for remote devices.
If you are using Vulnerability Manager Plus or Endpoint Central with the Vulnerability Management add-on, you can check for the presence of this vulnerability in your managed systems. Navigate to the Software Vulnerabilities section under Threats and use the Search by CVE ID search bar to look for CVE-2025-48818. If this vulnerability is detected in any of your systems, you will be able to view details about all the affected systems.
The following supported patches resolve this issue:
Patch ID | Patch name | Description |
41806 | Windows10.0-kb5062561-x86-1507.msu | 2025-07 Cumulative Update for Windows 10 Version 1507 for x86-based Systems |
41805 | | 2025-07 Cumulative Update for Windows 10 Version 1507 for x64-based Systems |
41810 | | 2025-07 Cumulative Update for Microsoft server operating system version 23H2 for x64-based Systems |
41801 | | 2025-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems |
41796 | | 2025-07 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems |
41795 | | 2025-07 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems |
41794 | | 2025-07 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems |
41793 | | 2025-07 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems |
41804 | Windows10.0-kb5062557-x64-2019.msu | 2025-07 Cumulative Update for Windows Server 2019 for x64-based Systems |
41803 | | 2025-07 Cumulative Update for Windows 10 Version 1809 for x86-based Systems |
41802 | | 2025-07 Cumulative Update for Windows 10 Version 1809 for x64-based Systems |
41813 | Windows10.0-kb5062560-x86-1607.msu | 2025-07 Cumulative Update for Windows 10 Version 1607 for x86-based Systems |
41812 | Windows10.0-kb5062560-x64-1607.msu | 2025-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems |
41811 | | 2025-07 Cumulative Update for Windows Server 2016 for x64-based Systems |
41800 | | 2025-07 Cumulative Update for Windows 11 Version 23H2 for arm64-based Systems |
41799 | | 2025-07 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems |
41798 | | 2025-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems |
41797 | | 2025-07 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems |
41809 | | 2025-07 Cumulative Update for Microsoft server operating system version 24H2 for x64-based Systems |
41808 | | 2025-07 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems |
41807 | | 2025-07 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems |
You can deploy these patches using Patch Manager Plus, Vulnerability Manager Plus, or Endpoint Central. If any patches are missing from your managed systems, go to the Missing Patches section, search for the necessary Patch IDs in the Patch ID column, filter them, and deploy them immediately to protect your systems from this vulnerability.