CVE-2025-67794

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67794

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67794.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67794

Published

2025-12-17T22:16:00.033Z

Modified

2026-03-13T03:42:15.767661Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVSS Calculator

Summary

[none]

Details

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

References

https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "24.1"
            },
            {
                "last_affected": "24.1.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "24.2"
            },
            {
                "fixed": "24.2.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "25.1"
            },
            {
                "fixed": "25.1.6"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67794.json"