Drivelock

drivelock

9 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-67794 1Drivelock 1Drivelock Dec 18, 2025 Dec 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without admin...Show more An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.Show less
CVE-2025-67791 1Drivelock 1Drivelock Dec 18, 2025 Dec 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock...Show more An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).Show less
CVE-2025-67793 1Drivelock 1Drivelock Jan 2, 2026 Dec 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor r...Show more An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the Administrator role. This issue mainly affects cloud multi-tenant deployments; on-prem single-tenant installations are typically not impacted because local admins usually already have Supervisor privileges.Show less
CVE-2025-67792 1Drivelock 1Drivelock Dec 18, 2025 Dec 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.
CVE-2025-67790 1Drivelock 1Drivelock Dec 18, 2025 Dec 17, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and...Show more An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string.Show less
CVE-2025-67789 1Drivelock 1Drivelock Dec 18, 2025 Dec 17, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API.
CVE-2025-67787 1Drivelock 1Drivelock Jan 2, 2026 Dec 17, 2025 N/A· v4 9.6 CRITICAL· v3 N/A· v2 An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network.
CVE-2025-67781 1Drivelock 1Drivelock Jan 2, 2026 Dec 17, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers.
CVE-2025-55187 1Drivelock 1Drivelock Oct 8, 2025 Sep 26, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.