HeadlinesBriefing.com

BitUnlocker Tool Bypasses BitLocker in Minutes via Downgrade Attack

TechPowerUp News

Security researchers at Intrinsec have released BitUnlocker, a tool that bypasses Windows 11 BitLocker encryption in under five minutes. Rooted in CVE-2025-48804, a flaw patched in July 2025, the exploit targets the Windows Recovery Environment and System Deployment Image mechanism. An attacker needs physical access to the machine and supplies a flash drive containing a legitimate Windows Imaging Format file alongside a malicious payload.

The system verifies the clean file but blindly boots the attacker's code, granting access to the decrypted volume. What makes this particularly dangerous is the downgrade vector. Microsoft's legacy Windows PCA 2011 certificate remains globally trusted by Secure Boot, meaning attackers can load an older, vulnerable boot manager that the system authenticates without question. When that downgraded boot manager runs, the TPM verifies system measurements against the trusted certificate, finds no anomalies, and unseals the BitLocker Volume Master Key silently.

For anyone relying on default TPM-only configurations, this is a serious wake-up call. Systems using a TPM paired with a pre-boot PIN are completely immune, since the hardware requires physical interaction before releasing keys. Machines that have applied the KB5025885 update, which migrates to the modern Windows UEFI CA 2023 certificate, are also shielded from this particular downgrade path.
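A defender can check a machine for the two conditions described above: a TPM-only key protector, and Secure Boot trust that has not moved to the 2023 CA. The following is an added example, not code from the article or from Intrinsec; the function name `Get-BitLockerDowngradeExposure` is hypothetical, and the matched strings are the certificate names mentioned in the article as they appear in the Secure Boot `db` and `dbx` variables. It assumes an elevated PowerShell session on a UEFI system.

```powershell
# Added audit sketch (not from the article). Run elevated on a UEFI machine.
function Get-BitLockerDowngradeExposure {
    [CmdletBinding()]
    param(
        # Assumption: the OS volume is the one unsealed on the pre-boot path.
        [string]$MountPoint = $env:SystemDrive
    )

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # A bare 'Tpm' protector releases the key with no user interaction.
    $tpmOnly = $types -contains 'Tpm'
    # TPM+PIN variants require the PIN before the TPM unseals the key.
    $pin     = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })

    # Read the Secure Boot allow list (db) and revocation list (dbx) as text so
    # the certificate common names embedded in them can be matched.
    $db = $null; $dbx = $null
    try {
        $db  = [Text.Encoding]::ASCII.GetString(
                   (Get-SecureBootUEFI -Name db  -ErrorAction Stop).Bytes)
        $dbx = [Text.Encoding]::ASCII.GetString(
                   (Get-SecureBootUEFI -Name dbx -ErrorAction Stop).Bytes)
    } catch {
        Write-Warning "Secure Boot variables unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        KeyProtectors    = $types -join ','
        TpmOnlyProtector = $tpmOnly
        PinProtector     = $pin
        # $null means the variable could not be read, not "absent".
        Ca2023InDb       = if ($null -ne $db)  { $db  -match 'Windows UEFI CA 2023' } else { $null }
        Pca2011InDbx     = if ($null -ne $dbx) { $dbx -match 'Microsoft Windows Production PCA 2011' } else { $null }
    }
}

Get-BitLockerDowngradeExposure | Format-List
```

A result with `TpmOnlyProtector = True` and `Pca2011InDbx = False` matches the exposed configuration the article describes; `PinProtector = True` with no bare `Tpm` protector matches the configuration it describes as immune.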