CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/12/17 12:0 a.m.•6 views

CVE-2025-67791

Summary: CVE-2025-67791 describes an incomplete tenant configuration in DriveLock (versions 24.1., 24.2. , 25.1.*) that allows an attacker to impersonate any DriveLock agent on the network when targeting the DriveLock Enterprise Service (DES). Affected products/versions (as stated): DriveLock 24....

9.8CVSS6.5AI score0.00326EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/17 12:0 a.m.•16 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

0.00097EPSS

CVE•added 2025/12/17 12:0 a.m.•7 views

CVE-2025-67794

CVE-2025-67794 affects DriveLock agents (versions 24.1–24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6). The root cause is overly permissive ACLs on directories and files created by the agent, enabling local users without administrator rights to trigger actions or destabilize the agent. Multip...

8.4CVSS6.3AI score0.00097EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/12/17 12:0 a.m.•4 views

PT-2025-51898

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description An issue exists where authenticated users can obtain the computer count for other DriveLock tenants through the...

5.3CVSS6.2AI score0.00187EPSS

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51895

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description Local users with limited privileges can manipulate processes running with higher privileges on Windows systems. Th...

9.9CVSS6.8AI score0.00237EPSS

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51918

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description A security issue exists in DriveLock that allows local users with limited privileges to manipulate a DriveLock...

8.8CVSS6.5AI score0.00114EPSS

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51925

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1. DriveLock versions 24.2 through 24.2.7 DriveLock versions 25.1 through 25.1.5 Description The DriveLock agent creates directories and files with overly permissive Access Control Lists ACLs. This allows loc...

8.4CVSS6.4AI score0.00097EPSS

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51924

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1. DriveLock versions 24.2 through 24.2. DriveLock versions 25.1 through 25.1. Description An incomplete configuration related to agent authentication in DriveLock tenants can allow attackers to impersonate a...

9.8CVSS6.8AI score0.00326EPSS

Vulnrichment•added 2025/12/17 12:0 a.m.•3 views

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death BSOD on Windows computers by using an IOCTL and an unterminated string...

6.5AI score0.00273EPSS

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51896

Name of the Vulnerable Software and Affected Versions DriveLock Operations Center versions 25.1.2 through 25.1.4 Description A Cross Site Scripting XSS issue exists in DriveLock Operations Center, potentially allowing for session takeover over a network. Recommendations Update to version 25.1.5 o...

9.6CVSS6AI score0.00221EPSS

Cvelist•added 2025/12/17 12:0 a.m.•25 views

CVE-2025-67781

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

0.00237EPSS

EUVD•added 2025/12/17 12:0 a.m.•2 views

EUVD-2025-203947

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

9.6CVSS5.8AI score0.00221EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-5189

Malware in sbrugna...

9.3CVSS6.4AI score0.0397EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-31355

Malicious code in bioql PyPI...

9.9CVSS6.6AI score0.00405EPSS

RedhatCVE•added 2025/09/27 12:48 a.m.•6 views

CVE-2025-55187

In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges...

9.9CVSS7AI score0.00405EPSS

OSV•added 2025/09/26 3:16 p.m.•1 views

CVE-2025-55187

In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges...

9.9CVSS5.8AI score0.00405EPSS

NVD•added 2025/09/26 3:16 p.m.•3 views

CVE-2025-55187

In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges...

9.9CVSS0.00405EPSS

CNNVD•added 2025/09/26 12:0 a.m.•1 views

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.5, 24.2.6, and 25.1.4, which stems from an attacker being able to gain elevated privileges...

9.9CVSS7AI score0.00405EPSS

Cvelist•added 2025/09/26 12:0 a.m.•6 views

CVE-2025-55187

In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges...

0.00405EPSS