Cyber Posture

CVE-2025-67791

Critical

Published: 17 December 2025

Modified: 18 December 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67791 is a critical-severity Improper Authentication (CWE-287) vulnerability in DriveLock. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 29.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-3 (Device Identification and Authentication).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires authentication of devices such as DriveLock agents before establishing connections with the DES, preventing unauthorized impersonation due to incomplete agent authentication.

prevent

Mandates establishment and verification of secure configuration settings for agent authentication in the DriveLock tenant, directly addressing the incomplete configuration vulnerability.

prevent

Ensures proper management and distribution of authenticators used by DriveLock agents, mitigating risks from improperly configured or weak authentication mechanisms.

MITRE ATT&CK Enterprise Techniques

T1210 · Exploitation of Remote Services · Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1684.001 · Impersonation · Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.

Why these techniques?

The vulnerability enables unauthenticated remote exploitation of the DriveLock Enterprise Service (DES) via improper agent authentication (T1210) and allows full impersonation of legitimate DriveLock agents (T1656).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

Deeper analysis

CVE-2025-67791, published on 2025-12-17, is a critical vulnerability with a CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting DriveLock versions 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. The flaw involves an incomplete configuration in agent authentication within the DriveLock tenant, which allows attackers to impersonate any DriveLock agent on the network when interacting with the DES (DriveLock Enterprise Service). It is linked to CWE-287 (Improper Authentication).

The vulnerability can be exploited by unauthenticated remote attackers with network access to the affected DES, requiring low complexity and no user interaction. Exploitation enables full impersonation of legitimate agents, granting high-impact access that compromises confidentiality, integrity, and availability of the DriveLock Enterprise Service.

Mitigation details are provided in the vendor's security bulletin at https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm.

Details

CWE(s)

Affected Products

drivelock
drivelock
24.1 — 24.1.4 · 24.2 — 24.2.8 · 25.1 — 25.1.6

CVEs Like This One

CVE-2025-26438 · Shared CWE-287
CVE-2025-56752 · Shared CWE-287
CVE-2025-22146 · Shared CWE-287
CVE-2025-27672 · Shared CWE-287
CVE-2025-66698 · Shared CWE-287
CVE-2025-52856 · Shared CWE-287
CVE-2025-15458 · Shared CWE-287
CVE-2025-2859 · Shared CWE-287
CVE-2025-24895 · Shared CWE-287
CVE-2025-67822 · Shared CWE-287
