CNNVD-202512-3182 Information

CNNVD ID

CNNVD-202512-3182

Related CVE

CVE-2025-67791

• CNNVD Published: 2025-12-17

Description (Chinese)

DriveLock是德国DriveLock公司的一个端点安全与数据保护平台。 DriveLock 24.1及之前版本、24.2及之前版本和25.1及之前版本存在安全漏洞，该漏洞源于DriveLock租户中代理身份验证配置不完整，可能导致攻击者在网络上冒充任何DriveLock代理。

Description (English)

DriveLock is an end-point security and data protection platform of the German firm DriveLock. There is a security loophole in DriveLock 24.1 and earlier, 24.2 and earlier and 25.1 and earlier, which stems from the incomplete configuration of proxy identification in DriveLock tenants, which may result in the attackers impersonating any DriveLock agent on the Internet.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DriveLock

Published

2025-12-17

Last Modified

2026-02-24

References

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-006-DESMisconfig.htm

Patch

https://drivelock.help/versions/2025_2/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/DL_RelNotes.htm