Recent security evaluations have uncovered multiple vulnerabilities in CryptoPro Secure Disk (CPSD) for BitLocker, an encryption tool widely implemented for data security. These vulnerabilities could allow unauthorized individuals with physical access to a system to gain root access and potentially extract sensitive credentials.
Significant Security Risks Identified
Security researchers from SEC Consult Vulnerability Lab have highlighted these vulnerabilities, which pose substantial risks to organizations relying on CPSD for safeguarding their information. The main concerns are a bypass of integrity checks that enables root-level code execution, and the exposure of sensitive data stored in cleartext.
Integrity Validation Bypass Compromises Security
One of the critical vulnerabilities, labeled CVE-2025-10010, is associated with integrity validation bypass. The issue arises because the Linux operating system used by CryptoPro Secure Disk to authenticate users is located on an unencrypted partition. This setup makes it accessible to anyone with physical access to the device. Although the system uses the Linux kernel’s Integrity Measurement Architecture (IMA) to verify files, certain configuration files are not validated, allowing potential code execution with root privileges.
An attacker could manipulate these files to deploy malicious code, leading to unauthorized data access or even the implanting of a backdoor. This serious flaw underscores the need for robust integrity validation mechanisms in encryption solutions.
Cleartext Storage of Sensitive Data
The second vulnerability pertains to the storage of critical data in cleartext. CryptoPro Secure Disk offers an online support feature for users who forget their credentials, which connects to a predefined network. This process involves storing sensitive information, such as certificates and passwords, in cleartext in the temporary ‘/tmp’ directory. If an attacker exploits the integrity validation bypass described above, they could easily access this data, potentially leading to internal network access and bypassing network security measures.
Such cleartext storage of credentials poses significant risks, as it could facilitate unauthorized access to networks and compromise organizational infrastructure.
Vendor Response and Recommendations
The vendor, CPSD, was alerted to these vulnerabilities in June 2025. In response, they released patches in versions 7.6.6 and 7.7.1 to address these issues. Organizations utilizing CryptoPro Secure Disk are urged to update to these versions promptly. For those unable to update immediately, the recommended mitigation is to encrypt the Pre-Boot Authentication (PBA) partition, a feature that has been available since version 7.6.0 and is enabled by default from version 7.7.
Additionally, SEC Consult advises companies to perform comprehensive security assessments of their encryption solutions to detect and mitigate potential vulnerabilities. Staying updated with software patches and security practices is crucial to maintaining the integrity and confidentiality of sensitive data.
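The version guidance above can be turned into a fleet triage check. The following is an added example, not code from the vendor or SEC Consult; the inventory columns, host names and status labels are hypothetical, and it assumes the fixed releases act as per-branch minimums (7.6.x fixed from 7.6.6, 7.7.1 and newer fixed).

```python
import csv
import io

# Fixed releases named in the article. Treating them as per-branch minimums
# (7.6.x fixed from 7.6.6; 7.7.1 and anything newer fixed) is an assumption.
FIXED_76 = (7, 6, 6)
FIXED_77 = (7, 7, 1)
PBA_ENCRYPTION_SINCE = (7, 6, 0)  # PBA partition encryption exists from 7.6.0

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,cpsd_version,pba_encrypted
lt-001,7.6.6,no
lt-002,7.6.3,no
lt-003,7.7.0,yes
lt-004,7.5.2,no
lt-005,7.7.1,yes
lt-006,n/a,no
"""

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not x.y.z."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(version_text, pba_encrypted):
    """Classify one installation against the article's remediation advice."""
    v = parse_version(version_text)
    if v is None:
        return "unknown-version"  # needs manual review
    if v >= FIXED_77 or (v[:2] == (7, 6) and v >= FIXED_76):
        return "patched"
    if v >= PBA_ENCRYPTION_SINCE:
        # Unpatched, but the interim mitigation exists on this release.
        return "unpatched-mitigated" if pba_encrypted else "unpatched-enable-pba-encryption"
    return "unpatched-update-required"  # too old for PBA encryption

def triage_inventory(csv_text):
    """Map each host in the CSV to its triage status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["cpsd_version"],
                              r["pba_encrypted"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unpatched-mitigated` still need the update; the status only records that the interim PBA encryption measure is in place.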
