CVE-2025-67791
CRITICAL WAF: Low
CVSS 9.8
Published: 2025-12-17
CWE-287
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| drivelock | drivelock | 24.1 - 24.1.4 |
| drivelock | drivelock | 24.2 - 24.2.8 |
| drivelock | drivelock | 25.1 - 25.1.6 |
References
- drivelock.help (Release Notes, Vendor Advisory)