Windows BitLocker
by Microsoft
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45658 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2026-27913 | | Hig | 0.50 | 7.7 | 0.00 | | Apr 14, 2026 | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2026-50507 | | Med | 0.44 | 6.8 | 0.05 | | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2008-3893 | | Med | 0.36 | 5.5 | 0.01 | | Sep 3, 2008 | Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this… |
| CVE-2026-45655 | | Med | 0.34 | 5.3 | 0.00 | | Jun 9, 2026 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2024-20666 | | | 0.01 | — | 0.03 | | Jan 9, 2024 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55337 | | | 0.00 | — | 0.00 | | Oct 14, 2025 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55332 | | | 0.00 | — | 0.01 | | Oct 14, 2025 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55330 | | | 0.00 | — | 0.01 | | Oct 14, 2025 | Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55338 | | | 0.00 | — | 0.03 | | Oct 14, 2025 | Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-55333 | | | 0.00 | — | 0.01 | | Oct 14, 2025 | Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-54912 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54911 | | | 0.00 | — | 0.01 | | Sep 9, 2025 | Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. |
| CVE-2025-48818 | | | 0.00 | — | 0.00 | | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-48800 | | | 0.00 | — | 0.01 | | Jul 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-48003 | | | 0.00 | — | 0.01 | | Jul 8, 2025 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2025-48001 | | | 0.00 | — | 0.00 | | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2024-20665 | | | 0.00 | — | 0.01 | | Apr 9, 2024 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2023-21563 | | | 0.00 | — | 0.02 | | Jan 10, 2023 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2022-22711 | | | 0.00 | — | 0.00 | | Jul 12, 2022 | Windows BitLocker Information Disclosure Vulnerability |
Page 1 of 2