CVE-2025-67794

EUVD-2025-204000
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CISA-ADPADP
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
drivelockdrivelock
24.1 ≤
𝑥
≤ 24.1.4
drivelockdrivelock
24.2 ≤
𝑥
< 24.2.8
drivelockdrivelock
25.1 ≤
𝑥
< 25.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm