CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network.

critical 9.6 CVSS 3.1

Published: Dec 17, 2025

Modified: Jan 2, 2026

Versions: 25.1.2,25.1.4

Description

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network.

References

https://drivelock.help/versions/current/web/en/releasenotes/Content/ReleaseNotes_DriveLock/SecurityBulletins/25-002-CrossSiteScripting.htm

Related CVEs

CVSS Breakdown

Version	3.1
Score	9.6 / 10
Severity	critical

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Weakness (CWE)

CWE-79

Affected Product

Vendor	Drivelock
Product	Drivelock
Versions	25.1.2,25.1.4