CNNVD-202512-3186 Information

CNNVD ID

CNNVD-202512-3186

Related CVE

CVE-2025-67794

• CNNVD Published: 2025-12-17

Description (Chinese)

DriveLock是德国DriveLock公司的一个端点安全与数据保护平台。 DriveLock 24.1及之前的24.1.x版本、24.2.8之前版本和25.1.6之前版本存在安全漏洞，该漏洞源于代理创建的文件和目录具有过度宽松的ACL，可能导致本地非管理员用户触发操作或破坏代理稳定性。

Description (English)

DriveLock is an end-point security and data protection platform of the German firm DriveLock. There is a security loophole in DriveLock 24.1 and earlier versions 24.1.x, before 24.2.8 and before 25.1.6, which stems from the overly loose ACL of the documents and catalogues created by the agent, which may trigger local non-administer users or destabilize the agent.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DriveLock

Published

2025-12-17

Last Modified

2026-02-24

References

https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm

Patch

https://drivelock.help/versions/2025_2/web/en/releasenotes/Content/ReleaseNotes_DriveLock/NewRelease/DL_RelNotes.htm