CVE-2025-67792
HIGH WAF: Low
CVSS 7.8
Published: 2025-12-17
CWE-269
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| drivelock | drivelock | 24.1 - 24.1.6 |
| drivelock | drivelock | 24.2 - 24.2.7 |
| drivelock | drivelock | 25.1 - 25.1.5 |
References
- drivelock.help (Release Notes, Vendor Advisory)