CVE-2025-67781

Published: Dec 17, 2025Modified: Jan 2, 2026

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers.

Affected (3)

Products: Drivelock: Drivelock

Drivelock

1 product

Drivelock

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Drivelock Drivelock	From 24.1 to 24.1.6
Drivelock Drivelock	From 24.2 to 24.2.7
Drivelock Drivelock	From 25.1 to 25.1.5

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://drivelock.help/en-us/Content/Home.htm

Source: cve@mitre.org

Product

Timeline

No history available yet.