
CVE-2025-10010: CWE-353 Missing Support for Integrity Check in CPSD IT SERVICES GMBH CryptoPro Secure Disk for BitLocker

Severity: Medium
Published: Tue Feb 24 2026 (02/24/2026, 14:13:29 UTC)
Source: CVE Database V5
Vendor/Project: CPSD IT SERVICES GMBH
Product: CryptoPro Secure Disk for BitLocker

Description

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple checks are performed to validate the integrity of the Linux operating system and the CryptoPro Secure Disk application files. When files are changed an error is shown on system start. One of the checks is the Linux kernel's Integrity Measurement Architecture (IMA). It was identified that configuration files are not validated by the IMA and can then (if not checked by other measures) be changed. This allows an attacker to execute arbitrary code in the context of the root user and enables an attacker to e.g., plant a backdoor and access data during execution.

AI-Powered Analysis

Last updated: 02/24/2026, 21:02:24 UTC

Technical Analysis

CVE-2025-10010 concerns a vulnerability in the CPSD CryptoPro Secure Disk for BitLocker, a security product that uses a small Linux-based operating system to authenticate users before unlocking a BitLocker-encrypted Windows partition. This Linux OS and the CryptoPro application reside on a separate, unencrypted partition accessible to anyone with physical access to the hard disk. The product implements multiple integrity checks, including the Linux kernel's Integrity Measurement Architecture (IMA), to detect unauthorized modifications to system files. However, it was discovered that configuration files are excluded from IMA validation, creating a gap in the integrity verification process. An attacker with physical access can modify these configuration files to execute arbitrary code with root privileges during system boot. This can facilitate planting persistent backdoors and unauthorized access to sensitive data during the decryption process. The vulnerability affects versions prior to 7.6.6 and 7.7.1 and does not require authentication or user interaction to exploit. The CVSS 3.1 base score is 6.8, reflecting the medium severity due to the requirement of physical access and the high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the risk remains significant given the elevated privileges gained upon exploitation.
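The gap described above is a coverage problem: IMA appraises only the hooks its policy names, so a file that is merely read (a configuration file, a script) is checked only if an `appraise` rule applies to the `FILE_CHECK` hook. The following audit is an added example, not code from the vendor or the advisory; the sample policy is constructed, since the page does not give the product's actual policy, and the check only tests whether a hook has any `appraise` rule, ignoring narrowing conditions and earlier `dont_appraise` rules.

```python
# Added example: list IMA hooks that no 'appraise' rule covers.
# SAMPLE_POLICY is constructed for illustration; it is NOT the product's policy.
SAMPLE_POLICY = """\
# constructed policy: signatures enforced for executed code only
dont_appraise fsmagic=0x9fa0
dont_appraise fsmagic=0x62656572
appraise func=BPRM_CHECK appraise_type=imasig
appraise func=MMAP_CHECK mask=MAY_EXEC appraise_type=imasig
appraise func=MODULE_CHECK appraise_type=imasig
measure func=FILE_CHECK mask=MAY_READ uid=0
"""

# File-based IMA hooks, plus the legacy spellings the kernel also accepts.
HOOKS = ("BPRM_CHECK", "MMAP_CHECK", "FILE_CHECK", "MODULE_CHECK",
         "FIRMWARE_CHECK", "KEXEC_KERNEL_CHECK", "KEXEC_INITRAMFS_CHECK",
         "POLICY_CHECK")
ALIASES = {"PATH_CHECK": "FILE_CHECK", "FILE_MMAP": "MMAP_CHECK"}

def parse_policy(text):
    """Return [(action, {key: value})], skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, *conds = line.split()
        rules.append((action, dict(c.split("=", 1) for c in conds if "=" in c)))
    return rules

def appraised_hooks(text):
    """Hooks named by an 'appraise' rule; a rule without func= applies to all."""
    covered = set()
    for action, conds in parse_policy(text):
        if action != "appraise":
            continue  # 'measure' only records a hash, it does not enforce
        func = conds.get("func")
        if func is None:
            covered.update(HOOKS)
        else:
            covered.add(ALIASES.get(func, func))
    return covered

def unappraised_hooks(text):
    covered = appraised_hooks(text)
    return [h for h in HOOKS if h not in covered]

if __name__ == "__main__":
    missing = unappraised_hooks(SAMPLE_POLICY)
    print("hooks with no appraise rule:", ", ".join(missing) or "none")
    if "FILE_CHECK" in missing:
        print("files that are only read (configuration, scripts) are not appraised")
```

On a kernel built with `CONFIG_IMA_READ_POLICY`, the active policy can be read from `/sys/kernel/security/ima/policy` and passed to `unappraised_hooks` in place of the sample.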

Potential Impact

The vulnerability allows attackers with physical access to bypass critical integrity checks on the authentication environment that protects BitLocker-encrypted data. By modifying unvalidated configuration files, attackers can execute arbitrary code as root, potentially planting persistent backdoors and gaining full control over the system before Windows boots. This compromises the confidentiality and integrity of encrypted data, undermining the primary security guarantees of BitLocker. Organizations relying on CryptoPro Secure Disk for BitLocker to protect sensitive information face risks of data theft, unauthorized system access, and persistent compromise. The attack requires physical access, limiting remote exploitation but increasing risk in environments with shared or poorly secured hardware. The availability of the system can also be affected if malicious modifications disrupt the boot or authentication process. Overall, the vulnerability threatens the foundational trust model of disk encryption by compromising the pre-boot authentication environment.

Mitigation Recommendations

1. Immediately upgrade CryptoPro Secure Disk for BitLocker to versions 7.6.6 or later, where this vulnerability is addressed.
2. Implement strict physical security controls to prevent unauthorized access to devices, including locked server rooms, secure storage, and tamper-evident seals.
3. Employ full disk encryption solutions that include integrity protection for all pre-boot components, including configuration files.
4. Use hardware-based security modules (e.g., TPM with measured boot) to ensure the integrity of the boot environment beyond software checks.
5. Regularly audit and monitor system partitions for unauthorized changes, especially unencrypted partitions containing critical boot components.
6. Consider additional endpoint detection and response (EDR) solutions that can detect anomalous behavior indicative of pre-boot compromise.
7. Educate staff on the risks of physical access attacks and enforce policies to minimize exposure of sensitive hardware.
8. If patching is delayed, consider disabling CryptoPro Secure Disk or using alternative authentication methods that do not expose unencrypted partitions.


Technical Details

Data Version: 5.2
Assigner Short Name: SEC-VLab
Date Reserved: 2025-09-05T08:13:43.528Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699e0f3fbe58cf853b290da9

Added to database: 2/24/2026, 8:51:11 PM

Last enriched: 2/24/2026, 9:02:24 PM

Last updated: 2/24/2026, 11:25:26 PM
