VYPR

Drivelock

by Centertools

CVEs (8)

  • CVE-2025-67794Dec 17, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.

  • CVE-2025-67790Dec 17, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string.

  • CVE-2025-67791Dec 17, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise…

  • CVE-2025-67793Dec 17, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by…

  • CVE-2025-67789Dec 17, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API.

  • CVE-2025-67792Dec 17, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.

  • CVE-2025-55187Sep 26, 2025
    risk 0.00cvss epss 0.00

    In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.

  • CVE-2007-5209Oct 4, 2007
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…