CVE-2025-67794

MEDIUM

Drivelock < 24.1.4 - Incorrect Permission Assignment

Title source: rule

Description

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

References (1)

[Release Notes, Vendor Advisory] https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm

Scores

CVSS v3 6.1

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (1)

drivelock/drivelock 24.1 - 24.1.4

Published Dec 17, 2025

Tracked Since Feb 18, 2026