CNNVD-202512-3185 Information

CNNVD ID

CNNVD-202512-3185

Related CVE

CVE-2025-67793

• CNNVD Published: 2025-12-17

Description (Chinese)

DriveLock是德国DriveLock公司的一个端点安全与数据保护平台。 DriveLock 24.1及之前的24.1.x版本、24.2及之前的24.2.x版本和25.1.6之前版本存在安全漏洞，该漏洞源于具有管理角色和权限特权的用户可通过API调用提升自身或其他DOC用户为Supervisor角色，可能导致权限提升。

Description (English)

DriveLock is an end-point security and data protection platform of the German firm DriveLock. DriveLock 24.1 and previous versions 24.1.x, 24.2.x and previous versions 24.2.x and prior versions 25.1.6 have a security loophole, which stems from the fact that users with managerial roles and privileges can use API to promote their own or other DOC users as Supervisor roles, which may result in enhanced privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DriveLock

Published

2025-12-17

Last Modified

2026-02-24

References

https://drivelock.help/sb/Content/SecurityBulletins/25-008-DESPrivilegeEsc.htm

Patch

https://drivelock.help/versions/2025_2/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/DL_RelNotes.htm