Security Bulletin #25-009 - DriveLock Agent: Incorrect Permissions on Log Directory



First published: 2025-11-12

Last updated: n/a

CVE: CVE-2025-XXXXX (requested) — official record will be available on MITRE once published.

CVSS Score: HIGH 7.5 – CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected product(s): DriveLock SE — DriveLock Agent (Windows) (see versions below)

Disclosure status: Coordinated

Vulnerability type / classification: Incorrect Access Control (Local Privilege Escalation)

Attack type: Local

Attack vector: Exploitation of a local vulnerability


Summary

Incorrect access control on DriveLock directories and event/log files gave non-administrative users elevated permissions.

Description

In the affected versions, directories and files created by the agent were created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

Affected versions

  • DriveLock 24.1 — vulnerable (will not be fixed due to EoL)

  • DriveLock 24.2 — vulnerable (fixed in 24.2.8)

  • DriveLock 25.1 — vulnerable (fixed in 25.1.6)

References

  • CVE-2025-XXX (requested) — official record will be available on MITRE once published.

Mitigation

Update to the patched versions immediately.

Fixed in

  • DriveLock 24.2.8

  • DriveLock 25.1.6

How to update your environment

  • To ensure continued protection, update to at least version 2024.2.8.

  • Our strong recommendation is to upgrade directly to version 25.1 Patch 4 (25.1.6) for optimum security and support.

  • Older versions are also affected but are no longer eligible for patches due to End-of-Life (EoL) status.

An overview of supported DriveLock versions is available upon request.

Additionally, regardless of this specific issue, we always recommend using the latest release of DriveLock to benefit from ongoing improvements and security enhancements.

A CVE has been requested and is currently under review by an official CVE Numbering Authority (CNA). We will inform you once it is published.