PT-2025-51925 · Drivelock · Drivelock
Published
2025-12-17
·
Updated
2025-12-21
·
CVE-2025-67794
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DriveLock versions 24.1 through 24.1.*
DriveLock versions 24.2 through 24.2.7
DriveLock versions 25.1 through 25.1.5
Description
The DriveLock agent creates directories and files with overly permissive Access Control Lists (ACLs). This allows local users without administrator privileges to potentially trigger actions or destabilize the agent.
Recommendations
Update DriveLock to version 24.2.8 or later.
Update DriveLock to version 25.1.6 or later.
Fix
LPE
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drivelock