CVE-2025-67793

Critical CVSS: 9.8

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the Administrator role. This issue mainly affects cloud multi-tenant deployments; on-prem single-tenant installations are typically not impacted because local admins usually already have Supervisor privileges.

Vendor

Drivelock

Product

Drivelock

CWE

CWE-269

Yayın Tarihi

2025-12-17 21:16:16

Güncelleme

2026-01-02 15:54:36

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-269 Drivelock CRITICAL Drivelock 2025

Referanslar

https://drivelock.help/sb/Content/SecurityBulletins/25-008-DESPrivilegeEsc.htm

Benzer Kayıtlar

Medium

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and fi…

Critical

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete co…

Medium

CVE-2025-67789

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users…

High

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged use…

High

CVE-2025-67792

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged…

Critical

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allow…