CVE-2025-67791

Published: Dec 17, 2025Modified: Dec 18, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

Affected (3)

Products: Drivelock: Drivelock

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Drivelock Drivelock	From 24.1 to 24.1.4
Drivelock Drivelock	From 24.2 to 24.2.8
Drivelock Drivelock	From 25.1 to 25.1.6

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm

Source: cve@mitre.org

Release NotesVendor Advisory

Timeline

No history available yet.