CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drivelock:drivelock::::::::
	cpe:2.3:a:drivelock:drivelock::::::::
	cpe:2.3:a:drivelock:drivelock::::::::

History

18 Dec 2025, 20:16

Type	Values Removed	Values Added
CWE		CWE-732
References	~~() https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm - Vendor Advisory, Release Notes~~	() https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm - Release Notes, Vendor Advisory

18 Dec 2025, 19:39

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:drivelock:drivelock::::::::
References	~~() https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm -~~	() https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm - Vendor Advisory, Release Notes
First Time		Drivelock Drivelock drivelock
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1

17 Dec 2025, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-17 22:16

Updated : 2025-12-18 20:16

NVD link : CVE-2025-67794

Mitre link : CVE-2025-67794

CVE.ORG link : CVE-2025-67794

JSON object : View

Products Affected

drivelock

drivelock

CWE

NVD-CWE-noinfo CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2025-67794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2025-12-17T22:16:00.033", "references": [{"url": "https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent."}], "lastModified": "2025-12-18T20:16:08.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BC18C3F-72CF-427C-ACE9-AD5991B25CB9", "versionEndIncluding": "24.1.4", "versionStartIncluding": "24.1"}, {"criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D1B5B2-C669-40F0-89CE-C0354A897676", "versionEndExcluding": "24.2.8", "versionStartIncluding": "24.2"}, {"criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD804DF-40A9-4A76-950E-06EBD968CFE9", "versionEndExcluding": "25.1.6", "versionStartIncluding": "25.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}