CVE-2025-67794 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
mitre	CNA	---				---
CISA-ADP	ADP	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
drivelock	drivelock	24.1 ≤ 𝑥 ≤ 24.1.4
drivelock	drivelock	24.2 ≤ 𝑥 < 24.2.8
drivelock	drivelock	25.1 ≤ 𝑥 < 25.1.6

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Vulnerability Media Exposure

[GERMAN] DriveLock: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in DriveLock ausnutzen, um sich erweiterte Berechtigungen zu verschaffen – darunter Administratorrechte –, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder Daten zu manipulieren.
Published: 2025-12-17T23:00:00+00:00

References

https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm