Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

Published: Dec 17, 2025
Updated: Dec 19, 2025
CVE: CVE-2025-67791
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
drivelock / drivelock	24.1	24.1.4.x
drivelock / drivelock	24.2	24.2.8.x
drivelock / drivelock	25.1	25.1.6.x

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo