You obviously have no idea how Bitlocker works. It is architecturally similar to many other full-disk encryption packages.
There is a volume encryption key which is used to encrypt the user data on the disk. This key is generally used with a fast symmetric cipher like AES. Once the initial volume encryption is completed, all reads/writes require the key to encrypt or decrypt the data.
The volume encryption key is encrypted with the public key or password for each unique user. Thus, each user has his own means of accessing the volume key, which must be the same for everyone. There is an encrypted copy of the volume key on the hard drive for every user. It could be one, or it could a hundred. (In most enterprises, the TPM is also a "user" who can unlock the drive with its key.)
In this case, the disk can be temporarily "unlocked" if an administrator suspends Bitlocker. When Bitlocker is suspended, the volume encryption key is stored in a cleartext container on disk. That volume will automatically unlock until Bitlocker protection is reenabled, which scrubs the cleartext key.
Microsoft should require administrator consent before suspending Bitlocker, so this is more of a design flaw than an exploit. Manually suspending Bitlocker does require administrator privileges.