Security Bulletin #25-009 - DriveLock Agent: Incorrect Permissions on Log Directory (CVE-2025-67794)

First published: 2025-11-12

Last updated: n/a

CVE: CVE-2025-67794

CVSS Score: HIGH 7.5 – CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected product(s): DriveLock SE — DriveLock Agent (Windows) (see versions below)

Disclosure status: Coordinated

Vulnerability type / classification: Incorrect Access Control (Local Privilege Escalation)

Attack type: Local

Attack vector: Exploitation of a local vulnerability


Summary

Incorrect access control on DriveLock directories and event/log files granted non-administrative users elevated permissions on those objects.

Description

In the affected versions, the agent created its directories and files with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
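A defender-side check for the class of misconfiguration described above, added here as an example and not part of this advisory or DriveLock's own tooling: it walks a directory tree and lists ACL entries that grant write-class rights (write, modify, delete, change permissions, take ownership) to principals every local user holds. The log directory path is a placeholder, since the advisory does not name it.

```powershell
# Added example (not DriveLock's code): audit a directory tree for ACEs that give
# low-privileged principals write-class access. Run in an elevated PowerShell.
param(
    # Assumption/placeholder: the advisory does not name the agent's log directory.
    [string]$Root = 'C:\PLACEHOLDER\DriveLock\Logs'
)

# Principals that any interactive local user is a member of.
$LowPrivPrincipals = @(
    'Everyone', 'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a non-admin alter or remove content, or rewrite the ACL itself.
$FSR = [System.Security.AccessControl.FileSystemRights]
$WriteClassRights = $FSR::Write -bor $FSR::Modify -bor $FSR::FullControl -bor
    $FSR::Delete -bor $FSR::DeleteSubdirectoriesAndFiles -bor
    $FSR::ChangePermissions -bor $FSR::TakeOwnership

function Find-PermissiveAce {
    param([string]$Path)
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Bitwise test: any write-class bit in the granted rights is a finding.
            # (Generic rights such as GENERIC_ALL appear as raw integers and are still caught.)
            if (($ace.FileSystemRights -band $WriteClassRights) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs point at a parent to fix
                Owner     = $acl.Owner
            }
        }
    }
}

$findings = @(Find-PermissiveAce -Path $Root)
if ($findings.Count -eq 0) {
    "No write-class ACEs for low-privileged principals under $Root"
} else {
    $findings | Format-Table -AutoSize
}
```

Any row in the output is a candidate for the weakness this bulletin describes; the Inherited column tells you whether the fix belongs on the parent directory rather than the file.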

Affected versions

  • DriveLock 24.1 — vulnerable (will not be fixed due to EoL)

  • DriveLock 24.2 — vulnerable (fixed in 24.2.8)

  • DriveLock 25.1 — vulnerable (fixed in 25.1.6)

References

Credits

Our sincere appreciation goes to Armin Stock, who discovered this vulnerability and responsibly disclosed it to us in a trusted and constructive manner.

Mitigation

  • Update to the patched versions immediately

Fixed in

  • DriveLock 24.2.8

  • DriveLock 25.1.6

How to update your environment

  • To ensure continued protection, update to at least version 2024.2.8.

  • Our strong recommendation is to upgrade directly to version 25.1 Patch 4 (25.1.6) for optimum security and support.

  • Older versions are also affected but are no longer eligible for patches due to End-of-Life (EoL) status.

An overview of supported DriveLock versions is available upon request.

Additionally, regardless of this specific issue, we always recommend using the latest release of DriveLock to benefit from ongoing improvements and security enhancements.