
CVE-2025-67789: n/a

0
Medium
Vulnerability, CVE-2025-67789, tags: cve, cve-2025-67789
Published: Wed Dec 17 2025 (12/17/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API.

AI-Powered Analysis

Last updated: 12/17/2025, 20:58:44 UTC

Technical Analysis

CVE-2025-67789 is a security vulnerability identified in multiple versions of DriveLock, a security software product used for endpoint protection and data loss prevention. The flaw exists in the DriveLock API, where authenticated users can query and retrieve the number of computers associated with other DriveLock tenants. This indicates a failure in proper access control and tenant isolation mechanisms within the API, allowing information disclosure across tenant boundaries. The vulnerability affects DriveLock versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. The issue does not require elevated privileges beyond authentication, meaning any authenticated user can exploit it. Although the vulnerability does not allow direct control or modification of other tenants' data, the exposure of computer counts can aid attackers in reconnaissance activities, potentially facilitating targeted attacks or competitive intelligence gathering. No CVSS score has been assigned yet, and there are no known exploits in the wild. The vulnerability was published on December 17, 2025, with the reservation date on December 12, 2025. The absence of patch links suggests that patches may be pending or not yet publicly documented. The flaw primarily impacts confidentiality by leaking metadata about other tenants, but does not directly affect integrity or availability. The attack vector is via the API, requiring authentication but no additional user interaction. This vulnerability highlights the importance of strict multi-tenant access controls in SaaS and security products.

Potential Impact

For European organizations, the primary impact of CVE-2025-67789 is the unauthorized disclosure of tenant-specific metadata, specifically the number of computers managed under other DriveLock tenants. While this does not directly compromise system integrity or availability, it can provide attackers or competitors with valuable intelligence about the size and scope of other organizations’ deployments. This information could be used to tailor social engineering attacks, plan targeted intrusions, or gain competitive advantage. Organizations relying on DriveLock for endpoint security and data protection may face increased risk of reconnaissance-based attacks if this vulnerability is exploited. Additionally, the exposure of such metadata could violate data protection regulations like GDPR if it leads to unauthorized profiling or data leakage. The vulnerability requires authentication, so insider threats or compromised user credentials could be leveraged to exploit it. European enterprises with multi-tenant environments or those sharing infrastructure with partners should be particularly cautious. The lack of known exploits reduces immediate risk but does not eliminate the potential for future abuse.

Mitigation Recommendations

1. Apply patches from DriveLock as soon as they become available for versions 24.1, 24.2, and 25.1 to address this vulnerability.
2. Until patches are deployed, restrict API access strictly to trusted users and monitor API usage logs for unusual requests or access patterns that could indicate exploitation attempts.
3. Implement strong authentication and authorization controls, including multi-factor authentication, to reduce the risk of credential compromise.
4. Conduct regular audits of tenant isolation and access control policies within DriveLock and any integrated systems to ensure no cross-tenant data leakage occurs.
5. Engage with DriveLock support or security teams to confirm the status of patches and any recommended configuration changes.
6. Educate users about the risks of credential sharing and phishing attacks that could lead to authenticated access by unauthorized parties.
7. Consider network segmentation or API gateway controls to limit exposure of the DriveLock API to only necessary users and systems.
8. Review compliance implications under GDPR and other relevant regulations to ensure that any data exposure is promptly addressed and reported if required.
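An added example (not code from DriveLock or from this page's source) that triages an inventory against the fixed releases named in the description. The hostnames, the sample inventory and the assumption that versions are reported as dotted numeric strings are constructed for illustration; branches the CVE record does not name are reported as "unlisted" rather than guessed.

```python
import re

# Fixed patch level per branch, taken from the CVE description on this page.
FIXED = {(24, 1): 6, (24, 2): 7, (25, 1): 5}


def parse_version(text):
    """Return (major, minor, patch) from strings like '24.2.3' or '25.1.4.2210'."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def classify(version_text):
    """Return 'affected', 'fixed', 'unlisted' (branch not in the CVE) or 'unparsed'."""
    try:
        major, minor, patch = parse_version(version_text)
    except ValueError:
        return "unparsed"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory):
    """Group hosts by status so unpatched servers can be prioritised."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = {
    "dl-server-01": "24.1.5",
    "dl-server-02": "24.2.7",
    "dl-server-03": "25.1.4.2210",  # trailing build number is an assumed format
    "dl-server-04": "23.2.9",
    "dl-server-05": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unlisted" or "unparsed" need a manual check against the vendor's advisory, since the CVE record only names the 24.1, 24.2 and 25.1 branches.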


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-12T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 694315f3c9138a40d2f24a64

Added to database: 12/17/2025, 8:43:31 PM

Last enriched: 12/17/2025, 8:58:44 PM

Last updated: 12/18/2025, 10:00:37 AM
