CVE 9.8 CRITICAL

CVE-2025-67791_CVE-2025-67791

December 18, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

AI Analysis

Incomplete configuration in DriveLock allows attackers to impersonate agents

Basic Information

ID CVE-2025-67791

Source mitre

Published Dec 17, 2025 at 00:00

Modified Dec 18, 2025 at 19:52

Affected Product

Vendor CenterTools

Product DriveLock

Version 24.1, 24.2, 25.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-287

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor CenterTools

Product DriveLock

Version 24.1, 24.2, 25.1

References

drivelock.help /versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm

{
    "lastseen": "",
    "description": "An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).",
    "published": "2025-12-17T00:00:00.000Z",
    "modified": "2025-12-18T19:52:55.631Z",
    "type": "cve",
    "title": "CVE-2025-67791",
    "source": "mitre",
    "references": "https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm",
    "id": "CVE-2025-67791",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DriveLock",
    "version": "24.1, 24.2, 25.1",
    "vendor": "CenterTools",
    "ai_description": "Incomplete configuration in DriveLock allows attackers to impersonate agents",
    "ai_severity": "Critical",
    "ai_vendor": "CenterTools",
    "ai_product": "DriveLock",
    "ai_version": "24.1, 24.2, 25.1",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply