CVE-2025-67789

5.3 MEDIUM

📋 TL;DR

This vulnerability allows authenticated users of DriveLock to retrieve the computer count of other tenants via the API, potentially exposing organizational information. It affects DriveLock versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5.

💻 Affected Systems

Products:
  • DriveLock
Versions: 24.1 before 24.1.6, 24.2 before 24.2.7, 25.1 before 25.1.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects multi-tenant DriveLock deployments where users can access the API.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map organizational structures, identify high-value targets, or gather intelligence for further attacks by correlating tenant computer counts with other information.

🟠 Likely Case

Information disclosure about tenant sizes and potentially organizational structures, though limited to computer counts.

🟢 If Mitigated

Minimal impact if proper access controls and network segmentation are in place, as the information is relatively low-sensitivity.

🌐 Internet-Facing: LOW - The vulnerability requires authenticated access, making internet-facing exploitation unlikely unless credentials are compromised.
🏢 Internal Only: MEDIUM - Authenticated internal users could exploit this to gather information about other organizational units.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid authentication credentials and API access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.1.6, 24.2.7, or 25.1.5

Vendor Advisory: https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-004-DESInfoDisclosure.htm

Restart Required: Yes

Instructions:

1. Download the appropriate patch version from the vendor.
2. Apply the patch following DriveLock update procedures.
3. Restart affected services/systems.

🔧 Temporary Workarounds

Restrict API Access

Limit API access to only necessary users and implement strict access controls.

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for API usage.
  • Segment network to limit exposure of DriveLock API endpoints.

🔍 How to Verify

Check if Vulnerable:

Check DriveLock version via administrative interface or version files.

Check Version:

Check DriveLock admin console or version.txt in installation directory.

Verify Fix Applied:

Verify the installed version is at least 24.1.6, 24.2.7, or 25.1.5 for its respective release branch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual API requests for tenant information
  • Multiple failed authentication attempts followed by successful API access

Network Indicators:

  • Unusual patterns of API requests to tenant endpoints

SIEM Query:

source="DriveLock" AND (event_type="api_request" AND endpoint="*tenant*" AND user!="admin")
