CVE-2025-67793

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.* DriveLock versions 24.2 through 24.2.* DriveLock versions 25.1 through 25.1.5

Description A flaw exists in DriveLock where users possessing the "Manage roles and permissions" privilege can elevate their own or other users' privileges to the Supervisor role by making an API call. This privilege is, by default, granted to users with the Administrator role. The issue primarily impacts cloud multi-tenant deployments, while on-prem single-tenant installations are typically not affected as local administrators generally already have Supervisor privileges. The affected API endpoint is not specified. The vulnerable parameter or variable is not specified. The vulnerable function is not specified.

Recommendations Update DriveLock to version 25.1.6 or later.