CRITICAL🇵🇱 Wersja polska

CVE-2025-67781

CVSS 9.9v3.1pub. 2025-12-17upd. 2026-01-02

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers.

🤖 AI Analysis
How it works

The error results from improper permission management (CWE-269) — an unprivileged local user can interact with DriveLock privileged processes in a way that should not be possible. Through such manipulation, an attacker is able to take over or abuse the security context of these processes, effectively elevating their own privileges on a Windows workstation.

Impact

An attacker with access to a local account without administrative privileges can obtain higher privileges on a Windows computer, which in practice may mean full control over the system and the ability to bypass protection mechanisms imposed by DriveLock.

Mitigation & patch

DriveLock should be updated to version 24.1.6 or newer (24.1 branch), 24.2.7 or newer (24.2 branch), or 25.1.5 or newer (25.1 branch). Details are available in the manufacturer's documentation at the address indicated in the references.

Who is affected

DriveLock version 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5 — installed on computers with Windows operating system.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Drivelock

    APP
    Drivelock
    24.1 – 24.1.6 (bez)24.2 – 24.2.7 (bez)25.1 – 25.1.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-67791CRITICAL9.8PL ✓ten sam produkt

DriveLock — obejście uwierzytelniania agenta (Auth Bypass) w DES

CVE-2025-67787CRITICAL9.6PL ✓ten sam produkt

XSS w DriveLock Operations Center umożliwiający przejęcie sesji

CVE-2025-67793CRITICAL9.8PL ✓ten sam produkt

DriveLock — nieautoryzowana eskalacja uprawnień do roli Supervisor przez API

CVE-2025-55187CRITICAL9.9PL ✓ten sam produkt

DriveLock — privilege escalation umożliwiające przejęcie kontroli nad systemem

CVE-2025-67790HIGH7.5ten sam produkt

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unpriv...