Shodan
Vulnerabilities
Vulnerable Software
Drivelock:  >> Drivelock  >> 24.2.1  Security Vulnerabilities
CVE-2025-67794
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-17
CVE-2025-67791
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-17
CVE-2025-67789
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-17
CVE-2025-67790
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-17
CVE-2025-67792
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-17
CVE-2025-67793
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the Administrator role. This issue mainly affects cloud multi-tenant deployments; on-prem single-tenant installations are typically not impacted because local admins usually already have Supervisor privileges.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-17
CVE-2025-67781
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved