BitUnlocker Shows TPM-Only BitLocker Can Be Downgraded in Minutes
Quick Report
Security researchers at Intrinsec released BitUnlocker, a downgrade attack that can bypass TPM-only Windows 11 BitLocker in under five minutes. The exploit requires physical access and abuses the gap between a patched vulnerability and certificate revocation inside the Windows Recovery Environment and System Deployment Image path.
The attack traces back to CVE-2025-48804 and uses an older, still-trusted Windows PCA 2011 boot chain to get the TPM to unseal the volume master key. The clearest mitigation is a pre-boot TPM + PIN setup, while machines that moved to the newer Windows UEFI CA 2023 certificate path are also protected from this downgrade vector.
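To check where a given machine stands against the two mitigations above, the following PowerShell audit is an added example, not code from Intrinsec or Microsoft. The function names are hypothetical, and reading "db trusts the 2023 CA and dbx lists the 2011 CA" as having moved to the new certificate path is an assumption of this sketch.

```powershell
# Added example. Run in an elevated Windows PowerShell session.
# Function names are hypothetical; the cmdlets are the built-in BitLocker and SecureBoot ones.

function Get-BitLockerTpmPosture {
    # One row per protected volume: which protectors exist, and whether the TPM
    # releases the key with no pre-boot secret (the TPM-only case).
    Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' } | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        [pscustomobject]@{
            MountPoint = $_.MountPoint
            Protectors = $types -join ', '
            TpmOnly    = $types -contains 'Tpm'
            TpmWithPin = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
        }
    }
}

function Test-SecureBootVarContains {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Subject)
    try {
        $bytes = (Get-SecureBootUEFI -Name $Name -ErrorAction Stop).Bytes
        # Certificate subject names appear as ASCII inside the signature list.
        [System.Text.Encoding]::ASCII.GetString($bytes) -match [regex]::Escape($Subject)
    } catch {
        $null   # legacy BIOS, or the variable could not be read
    }
}

function Get-BootCertPosture {
    # Assumption: db trusting the 2023 CA plus dbx listing the 2011 CA is read
    # here as "moved to the Windows UEFI CA 2023 path".
    [pscustomobject]@{
        SecureBootOn   = $(try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $false })
        Db2023Trusted  = Test-SecureBootVarContains -Name db  -Subject 'Windows UEFI CA 2023'
        Dbx2011Revoked = Test-SecureBootVarContains -Name dbx -Subject 'Microsoft Windows Production PCA 2011'
    }
}

Get-BitLockerTpmPosture | Format-Table -AutoSize
Get-BootCertPosture     | Format-List
```

A volume reported with `TpmOnly` true on a machine where `Dbx2011Revoked` is not true matches the configuration this report describes as exposed.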
Written using GitHub Copilot GPT-5.4 mini in agentic mode instructed to follow current codebase style and conventions for writing articles.