CVE-2025-67794
Last modified
CVE-2025-67794 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.. EPSS estimates a 0.10% chance of exploitation in the next 30 days.
Description
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Drivelock | Drivelock | >= 24.1, <= 24.1.4 |
| Drivelock | Drivelock | >= 24.2, < 24.2.8 |
| Drivelock | Drivelock | >= 25.1, < 25.1.6 |
References
- https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htmRelease Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-67794?
How severe is CVE-2025-67794?
How do I fix CVE-2025-67794?
Are you affected by CVE-2025-67794?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST