Critical Vulnerabilities in CryptoPro Secure Disk for BitLocker Expose Systems to Root Access and Credential Theft
Recent security assessments have uncovered significant vulnerabilities in CryptoPro Secure Disk (CPSD) for BitLocker, a widely utilized encryption tool designed to enhance data protection on Windows systems. These flaws present substantial risks, potentially allowing attackers with physical access to compromised devices to gain persistent root access and exfiltrate sensitive credentials.
Overview of Identified Vulnerabilities
Security experts at SEC Consult Vulnerability Lab have identified two primary vulnerabilities within CPSD:
1. Integrity Validation Bypass (CVE-2025-10010): This flaw enables attackers to circumvent the system’s integrity checks, facilitating the execution of arbitrary code with root privileges.
2. Cleartext Storage of Sensitive Data: Critical credentials are stored in unencrypted temporary files, making them easily accessible to unauthorized users.
Detailed Analysis of the Integrity Validation Bypass
CPSD operates by booting a minimal Linux environment to authenticate users before decrypting the Windows partition secured by BitLocker. This Linux-based pre-boot authentication (PBA) system resides on an unencrypted partition, which is accessible to anyone with physical access to the device.
The system employs the Linux kernel’s Integrity Measurement Architecture (IMA) to verify the integrity of files during the boot process. However, researchers discovered that IMA does not validate certain configuration files. By manipulating these unverified files, an attacker can execute arbitrary code with root privileges. This exploitation could lead to the installation of persistent backdoors, allowing continuous monitoring and unauthorized access to sensitive data without triggering system alerts.
Implications of Cleartext Storage of Sensitive Data
Another critical issue involves the storage of sensitive information in cleartext within the system’s temporary directory (`/tmp`). When users forget their credentials, CPSD offers an online support feature that connects to a predefined network to assist in credential recovery. To establish this connection, the system stores necessary secrets, such as certificates and passwords, in unencrypted temporary files.
If an attacker has already gained access to the Linux environment—potentially through the aforementioned integrity validation bypass—they can easily read these cleartext files. This access could enable them to infiltrate internal networks or bypass network access controls, further compromising the organization’s security infrastructure.
Vendor Response and Mitigation Measures
Upon notification of these vulnerabilities in June 2025, CPSD promptly developed and released patches to address the issues. The vulnerabilities are resolved in versions 7.6.6 and 7.7.1 of the software.
Organizations utilizing CryptoPro Secure Disk are strongly advised to update their software to these patched versions immediately. For those unable to implement the update promptly, CPSD recommends encrypting the PBA partition—a feature available since version 7.6.0. Starting with version 7.7, this encryption is enabled by default, effectively mitigating the risk of unauthorized file modifications.
Recommendations for Enhanced Security
In light of these findings, organizations should undertake comprehensive security reviews of their encryption solutions to identify and rectify potential vulnerabilities. Implementing the following measures can further bolster system security:
– Regular Software Updates: Ensure all encryption tools and related software are updated to the latest versions to benefit from security patches and enhancements.
– Physical Security Controls: Restrict physical access to devices containing sensitive information to authorized personnel only.
– Data Encryption Best Practices: Utilize robust encryption methods for all sensitive data, including temporary files and system partitions.
– System Integrity Monitoring: Deploy monitoring tools to detect unauthorized changes to system files and configurations.
By proactively addressing these vulnerabilities and implementing stringent security protocols, organizations can significantly reduce the risk of unauthorized access and data breaches.
