ThreatCluster

New BitUnlocker Attack Compromises Windows 11 Disk Encryption in Minutes

First seen 12 May 2026, 09:43 UTC CybersecuritynewsGbhackers 91% similarity 70

Article Content

Browse articles
ThreatCluster

A new downgrade attack, dubbed BitUnlocker, has been identified, allowing attackers with physical access to Windows 11 machines to bypass BitLocker disk encryption in under 5 minutes. This attack exploits CVE-2025-48804, a critical vulnerability first documented by the Microsoft STORM team in July 2025. The flaw arises from a gap in how Secure Boot interacts with legacy systems, enabling unauthorized decryption of protected volumes. The first public proof-of-concept for this exploit was released on April 30, 2026. Organizations using Windows 11 should be aware of this vulnerability and take necessary precautions to secure their systems. The attack poses a significant risk to data confidentiality for users who rely on BitLocker for encryption. Immediate action is recommended for those with physical access to their devices.

Key Points: • BitUnlocker attack allows decryption of Windows 11 BitLocker volumes in under 5 minutes. • Exploits CVE-2025-48804, a critical vulnerability related to Secure Boot and legacy systems. • First public proof-of-concept was released on April 30, 2026.

ThreatCluster AI

Timeline

2025-07-08
CVE-2025-48804 published
Microsoft disclosed a critical vulnerability affecting BitLocker encryption on Windows 11.
Cybersecuritynews
2026-04-30
First public PoC for BitUnlocker released
A proof-of-concept exploit demonstrating the downgrade attack was made public, showcasing its effectiveness.
Gbhackers
2026-05-12
BitUnlocker attack reported
Cybersecurity news outlets report on the practical downgrade attack affecting Windows 11 systems.
Cybersecuritynews

Community

Browse all →