CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drivelock:drivelock::::::::
	cpe:2.3:a:drivelock:drivelock::::::::
	cpe:2.3:a:drivelock:drivelock::::::::

History

No history.

Information

Published : 2025-12-17 22:16

Updated : 2025-12-18 20:16

NVD link : CVE-2025-67794

Mitre link : CVE-2025-67794

CVE.ORG link : CVE-2025-67794

JSON object : View

Products Affected

drivelock

drivelock

CWE

NVD-CWE-noinfo CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2025-67794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2025-12-17T22:16:00.033", "references": [{"url": "https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent."}], "lastModified": "2025-12-18T20:16:08.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BC18C3F-72CF-427C-ACE9-AD5991B25CB9", "versionEndIncluding": "24.1.4", "versionStartIncluding": "24.1"}, {"criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D1B5B2-C669-40F0-89CE-C0354A897676", "versionEndExcluding": "24.2.8", "versionStartIncluding": "24.2"}, {"criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD804DF-40A9-4A76-950E-06EBD968CFE9", "versionEndExcluding": "25.1.6", "versionStartIncluding": "25.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}