CVE-2025-67789

Published: Dec 17, 2025Modified: Dec 18, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API.

Affected (3)

Products: Drivelock: Drivelock

Drivelock

1 product

Drivelock

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Drivelock Drivelock	From 24.1 to 24.1.6
Drivelock Drivelock	From 24.2 to 24.2.7
Drivelock Drivelock	From 25.1 to 25.1.5

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-004-DESInfoDisclosure.htm

Source: cve@mitre.org

Release NotesVendor Advisory

Timeline

No history available yet.