CVE-2025-67794

EUVD-2025-204000
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
drivelockdrivelock
24.1 ≤
𝑥
≤ 24.1.4
drivelockdrivelock
24.2 ≤
𝑥
< 24.2.8
drivelockdrivelock
25.1 ≤
𝑥
< 25.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm