Security Bulletin #25-005 — DriveLock Driver: Buffer Overread leading to BSOD (CVE request)
First published: 2025-09-25
Last updated: 2025-09-29
CVE: CVE-2025-XXXXX (requested) — official record will be available on MITRE once published.
CVSS Score: LOW 3.6 – CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected product(s): DriveLock SE — DriveLock Agent (Windows) (see versions below)
Disclosure status: Coordinated
Vulnerability type / classification: Other/Unknown / Buffer Overread (Denial of Service / BSOD)
Attack type: Local
Attack vector: IOCTL
Summary
A buffer overread vulnerability in the DriveLock Driver on Windows endpoints can be triggered by non-privileged users via crafted IOCTL calls, potentially leading to a system crash (Blue Screen of Death).
Description
The DriveLock Driver does not validate the length of wide strings passed via certain IOCTL requests before processing them. By supplying a string without a terminating null character, a local non-privileged attacker can make the driver read beyond the end of the supplied input buffer. This occasionally results in a Blue Screen of Death (BSOD), causing a denial of service on the affected Windows endpoint.
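The following added example illustrates the class of defect described above; it is not DriveLock code and does not reproduce the actual driver logic or IOCTL codes. It models a Windows WCHAR as a 16-bit code unit so it compiles and runs in user mode, and contrasts an unbounded string scan that trusts the caller to terminate the string (the vulnerable pattern) with a bounded scan that never reads past the byte count the I/O manager reports in Parameters.DeviceIoControl.InputBufferLength. The status values and sample buffers are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Model of a Windows WCHAR: one UTF-16 code unit, 2 bytes.
 * (Not wchar_t, which is 4 bytes on most non-Windows platforms.) */
typedef uint16_t WCHAR16;

/* Illustrative status codes for this example; they are not NTSTATUS values. */
#define IOCTL_OK            0
#define IOCTL_BAD_LENGTH   -1
#define IOCTL_UNTERMINATED -2

/* Vulnerable pattern: walk the buffer until a NUL is found, trusting the
 * caller to have terminated the string. For METHOD_BUFFERED IOCTLs the
 * I/O manager allocates SystemBuffer to exactly InputBufferLength bytes;
 * if the caller omits the terminator, this loop reads past that allocation
 * into adjacent pool memory, which is the overread described in the
 * bulletin. Never call this on data from user mode. */
size_t unsafe_wlen(const WCHAR16 *s)
{
    size_t n = 0;
    while (s[n] != 0)
        n++;
    return n;
}

/* Hardened pattern: the scan is bounded by the declared byte count and the
 * request is rejected unless (a) the length is a non-zero multiple of
 * sizeof(WCHAR16) and (b) a terminator exists inside that length.
 * On success *out_chars receives the string length in code units. */
int validate_wide_string(const void *input, size_t input_len, size_t *out_chars)
{
    if (input == NULL || input_len < sizeof(WCHAR16) ||
        (input_len % sizeof(WCHAR16)) != 0)
        return IOCTL_BAD_LENGTH;

    const WCHAR16 *s = (const WCHAR16 *)input;
    size_t max_chars = input_len / sizeof(WCHAR16);

    for (size_t i = 0; i < max_chars; i++) {
        if (s[i] == 0) {
            if (out_chars)
                *out_chars = i;
            return IOCTL_OK;
        }
    }
    /* Reached the end of the declared buffer without a terminator:
     * exactly the input an attacker would craft. Fail closed. */
    return IOCTL_UNTERMINATED;
}

/* Constructed sample inputs (not captured from the product). */
static const WCHAR16 good[] = { 'C', ':', '\\', 't', 'e', 's', 't', 0 };   /* terminated */
static const WCHAR16 bad[]  = { 'C', ':', '\\', 't', 'e', 's', 't', 'X' }; /* no terminator */

/* What a hardened dispatch routine would do before touching the string. */
int check_good(size_t *n) { return validate_wide_string(good, sizeof good, n); }
int check_bad(size_t *n)  { return validate_wide_string(bad,  sizeof bad,  n); }

int main(void)
{
    size_t n = 0;
    int st = check_good(&n);
    printf("terminated buffer:   status=%d chars=%zu (unsafe_wlen agrees: %zu)\n",
           st, n, unsafe_wlen(good));
    st = check_bad(&n);
    printf("unterminated buffer: status=%d (request rejected, no overread)\n", st);
    return 0;
}
```

The key property is that the bounded version only ever indexes within `input_len` bytes, so a missing terminator becomes a rejected request instead of a pool overread. For METHOD_NEITHER IOCTLs even the buffer pointer is untrusted and must additionally be probed and the data captured under a try/except before any such scan.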
Affected versions
- DriveLock 24.1 — vulnerable (fixed in 24.1.6)
- DriveLock 24.2 — vulnerable (fixed in 24.2.7)
- DriveLock 25.1 — vulnerable (fixed in 25.1.5)
Mitigation
Update to the patched versions immediately.
Until the fixed versions are deployed:
- With correctly configured application control (only trusted executables allowed to run), this vulnerability is very difficult to exploit, because the attacker must run a process of their own to issue the crafted IOCTL.
- Restrict local access by untrusted users on sensitive systems.
- Apply endpoint hardening to reduce the exposure of IOCTL interfaces to untrusted processes.
Fixed in
- DriveLock 24.1.6
- DriveLock 24.2.7
- DriveLock 25.1.5
References
- CVE-2025-XXXXX (requested) — official record will be available on MITRE once published.
How to update your environment
- To ensure continued protection, an update to at least version 24.1.6 (EoL December 2025) is required.
- Our strong recommendation is to upgrade directly to version 25.1 Patch 3 (25.1.5) for optimal security and support.
- Older versions are also affected but are no longer eligible for patches due to their End-of-Life (EoL) status.
An overview of supported DriveLock versions is available upon request.
Additionally, regardless of this specific issue, we always recommend using the latest release of DriveLock to benefit from ongoing improvements and security enhancements.
A CVE has been requested and is currently under review by an official CNA (CVE Numbering Authority). We will inform you once it is published.