CVE-2025-10010

Name of the Vulnerable Software and Affected Versions CPSD CryptoPro Secure Disk (affected versions not specified)

Description The CPSD CryptoPro Secure Disk application utilizes a small Linux operating system for user authentication prior to BitLocker decryption of the Windows partition. The Linux system resides on a separate, unencrypted partition accessible to anyone with hard disk access. Configuration files are not validated by the Integrity Measurement Architecture (IMA), allowing modification if not checked by other measures. This enables an attacker to execute arbitrary code with root privileges, potentially planting a backdoor and accessing data during execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.