Cyber Resilience

CVE-2025-67791

Critical

Published: 17 December 2025

Published
17 December 2025
Modified
18 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 24.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67791 is a critical-severity Improper Authentication (CWE-287) vulnerability in Drivelock Drivelock. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 24.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2025-67791, published on 2025-12-17, is a critical vulnerability with a CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting DriveLock versions 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. The flaw involves an incomplete configuration in agent authentication within the DriveLock tenant, which allows attackers to impersonate any DriveLock agent on the network when interacting with the DES (DriveLock Enterprise Service). It is linked to CWE-287 (Improper Authentication).

The vulnerability can be exploited by unauthenticated remote attackers with network access to the affected DES, requiring low complexity and no user interaction. Exploitation enables full impersonation of legitimate agents, granting high-impact access that compromises confidentiality, integrity, and availability of the DriveLock Enterprise Service.

Mitigation details are provided in the vendor's security bulletin at https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm.

EU & UK References

Vulnerability details

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
Why these techniques?

The vulnerability enables unauthenticated remote exploitation of the DriveLock Enterprise Service (DES) via improper agent authentication (T1210) and allows full impersonation of legitimate DriveLock agents (T1656).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21633Shared CWE-287
CVE-2026-24241Shared CWE-287
CVE-2024-6107Shared CWE-287
CVE-2025-26438Shared CWE-287
CVE-2025-56752Shared CWE-287
CVE-2026-0558Shared CWE-287
CVE-2026-49443Shared CWE-287
CVE-2024-13528Shared CWE-287
CVE-2026-2991Shared CWE-287
CVE-2026-27960Shared CWE-287

Affected Assets

drivelock
drivelock
24.1 — 24.1.4 · 24.2 — 24.2.8 · 25.1 — 25.1.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires authentication of devices such as DriveLock agents before establishing connections with the DES, preventing unauthorized impersonation due to incomplete agent authentication.

prevent

Mandates establishment and verification of secure configuration settings for agent authentication in the DriveLock tenant, directly addressing the incomplete configuration vulnerability.

prevent

Ensures proper management and distribution of authenticators used by DriveLock agents, mitigating risks from improperly configured or weak authentication mechanisms.

References