EUVD-2025-203940

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

CVE-2025-67791

Summary: CVE-2025-67791 describes an incomplete tenant configuration in DriveLock (versions 24.1., 24.2. , 25.1.*) that allows an attacker to impersonate any DriveLock agent on the network when targeting the DriveLock Enterprise Service (DES). Affected products/versions (as stated): DriveLock 24....

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, prior to 24.2.7, and prior to 25.1.5, which originates from an unprivileged user who may be able to cause a Windows computer to experience ...

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

CVE-2025-67792

DriveLock is affected in versions 24.1 (before 24.1.6), 24.2 (before 24.2.7), and 25.1 (before 25.1.5). The issue allows local unprivileged users to manipulate a DriveLock process on Windows to execute arbitrary commands. Root cause details are not fully disclosed in the provided excerpts, but mu...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions 24.1 and earlier, 24.2 and earlier, and 25.1 and earlier, which stems from an incomplete configuration of agent authentication in DriveLock tenants, which...

PT-2025-51896

Name of the Vulnerable Software and Affected Versions DriveLock Operations Center versions 25.1.2 through 25.1.4 Description A Cross Site Scripting XSS issue exists in DriveLock Operations Center, potentially allowing for session takeover over a network. Recommendations Update to version 25.1.5 o...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions 24.1 and prior to 24.1.x, 24.2 and prior to 24.2.x, and 25.1.6 and prior to 25.1.6, which stems from the fact that a user with administrative role and...

CVE-2025-67781

DriveLock is affected across multiple tracks: versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5 on Windows suffer privilege escalation via local unprivileged users manipulating privileged processes. The root cause is not explicitly detailed in the provided documents beyond t...

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death BSOD on Windows computers by using an IOCTL and an unterminated string...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock 24.1 and prior versions 24.1.x, 24.2.8 and prior versions 24.2.8, and 25.1.6 and prior versions 24.1.x. The vulnerability stems from an agent that creates files and...

PT-2025-51918

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description A security issue exists in DriveLock that allows local users with limited privileges to manipulate a DriveLock...

CVE-2025-67787

DriveLock Operations Center is affected by a Cross Site Scripting (XSS) flaw in versions 25.1.2 through 25.1.4, enabling potential session takeover over the network. The issue is documented across multiple sources (Red Hat, NVD, CNNVD, etc.) and is tied to version 25.1.2 before 25.1.5. The common...

CVE-2025-67789

The vulnerability CVE-2025-67789 affects DriveLock: versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. The issue allows authenticated users to retrieve the computer count of other DriveLock tenants via the DriveLock API, indicating an information-disclosure weakness likely d...

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death BSOD on Windows computers by using an IOCTL and an unterminated string...

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

CVE-2025-67789

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...

CVE-2025-67789

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...

PT-2025-51898

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description An issue exists where authenticated users can obtain the computer count for other DriveLock tenants through the...

PT-2025-51895

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description Local users with limited privileges can manipulate processes running with higher privileges on Windows systems. Th...