CVE-2025-67791

Critical

Published: 17 December 2025

Published

17 December 2025

Modified

18 December 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

Mitigating Controls (NIST 800-53 r5)AI

IA-3 Device Identification and Authentication good match

prevent

Directly requires authentication of devices such as DriveLock agents before establishing connections with the DES, preventing unauthorized impersonation due to incomplete agent authentication.

CM-6 Configuration Settings good match

prevent

Mandates establishment and verification of secure configuration settings for agent authentication in the DriveLock tenant, directly addressing the incomplete configuration vulnerability.

IA-5 Authenticator Management partial match

prevent

Ensures proper management and distribution of authenticators used by DriveLock agents, mitigating risks from improperly configured or weak authentication mechanisms.

Security SummaryAI

CVE-2025-67791, published on 2025-12-17, is a critical vulnerability with a CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting DriveLock versions 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. The flaw involves an incomplete configuration in agent authentication within the DriveLock tenant, which allows attackers to impersonate any DriveLock agent on the network when interacting with the DES (DriveLock Enterprise Service). It is linked to CWE-287 (Improper Authentication).

The vulnerability can be exploited by unauthenticated remote attackers with network access to the affected DES, requiring low complexity and no user interaction. Exploitation enables full impersonation of legitimate agents, granting high-impact access that compromises confidentiality, integrity, and availability of the DriveLock Enterprise Service.

Mitigation details are provided in the vendor's security bulletin at https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm.

Details

CWE(s): NVD-CWE-noinfo CWE-287

Affected Products

drivelock

24.1 — 24.1.4 · 24.2 — 24.2.8 · 25.1 — 25.1.6

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1684.001 Impersonation Stealth

Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.

attack.mitre.org →

Why these techniques?

The vulnerability enables unauthenticated remote exploitation of the DriveLock Enterprise Service (DES) via improper agent authentication (T1210) and allows full impersonation of legitimate DriveLock agents (T1656).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm
Release Notes, Vendor Advisory · cve@mitre.org