CVE-2025-67790: n/a

Severity: Critical
Published: Wed Dec 17 2025 (12/17/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could occasionally cause a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string.

AI-Powered Analysis

Last updated: 12/24/2025, 21:35:55 UTC

Technical Analysis

CVE-2025-67790 is a critical security vulnerability identified in multiple versions of DriveLock, a security software product widely used for endpoint protection and device control on Windows platforms. The vulnerability arises from improper handling of IOCTL (Input Output Control) requests involving unterminated strings. Specifically, an unprivileged user can send a specially crafted IOCTL request containing an unterminated string to the DriveLock driver, which leads to improper memory handling and triggers a Blue Screen of Death (BSOD) on affected Windows systems. This results in a denial-of-service condition by crashing the operating system kernel. The vulnerability is classified under CWE-170 (Improper Null Termination), indicating a failure to properly terminate strings, which can cause buffer overflows or memory corruption. The CVSS v3.1 base score of 9.8 (critical) reflects the vulnerability’s high exploitability (network attack vector, no privileges required, no user interaction) and severe impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the ease of exploitation and potential for widespread disruption make this a significant threat. The affected DriveLock versions include 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. The vulnerability can be exploited remotely by any unprivileged user with access to the vulnerable system, potentially allowing attackers to disrupt business operations by forcing system reboots and causing data loss or corruption. The lack of authentication requirements and the ability to cause system crashes without user interaction increase the risk profile substantially.
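The CWE-170 pattern described above, as an added illustration in plain C rather than DriveLock's driver code (which is not public here): an IOCTL dispatch routine that trusts the caller's string to be NUL-terminated beside one that derives the length only from the byte count the request actually carried. The buffer contents, the 8-byte request length and the -1 rejection convention are constructed for the example; a real driver would return an NTSTATUS.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Flawed pattern (CWE-170, Improper Null Termination): the handler assumes
 * the user-mode caller terminated the string and lets strlen() scan until
 * it finds a NUL. If the request is unterminated, the scan continues past
 * the bytes the caller supplied, into whatever lies next to the buffer.
 * Returns the length the handler *believes* the string has.
 */
size_t ioctl_length_unchecked(const char *in, size_t in_len)
{
    (void)in_len;             /* bug: the request's buffer length is ignored */
    return strlen(in);        /* may read beyond in_len bytes */
}

/*
 * Hardened handler: in_len is the byte count taken from the request itself
 * (the IRP's input buffer length). The scan never leaves that range, and a
 * string with no terminator inside it is rejected instead of being trusted.
 * Returns the string length, or -1 when the request must be rejected.
 */
long ioctl_length_checked(const char *in, size_t in_len)
{
    if (in == NULL || in_len == 0)
        return -1;
    size_t n = 0;
    while (n < in_len && in[n] != '\0')   /* bounded by in_len, not by data */
        n++;
    if (n == in_len)                       /* no NUL within the supplied bytes */
        return -1;
    return (long)n;
}

/* Constructed request: the caller passes 8 bytes, none of them NUL. The 16
 * bytes that follow stand in for adjacent memory the handler must not touch. */
static const char g_request[] = "AAAAAAAAXXXXXXXXXXXXXXXX";
static const size_t g_request_len = 8;

size_t demo_unchecked(void) { return ioctl_length_unchecked(g_request, g_request_len); }
long   demo_checked(void)   { return ioctl_length_checked(g_request, g_request_len); }

int main(void)
{
    printf("unchecked handler believes length is %zu (request carried %zu bytes)\n",
           demo_unchecked(), g_request_len);
    printf("checked handler returns %ld (request rejected)\n", demo_checked());
    return 0;
}
```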

Potential Impact

For European organizations, the impact of CVE-2025-67790 is primarily a denial-of-service condition that can cause critical Windows systems to crash unexpectedly. This can disrupt business continuity, especially in environments relying heavily on endpoint security solutions like DriveLock for device control and data protection. The resulting BSODs can lead to loss of unsaved data, interruption of critical services, and increased operational costs due to system downtime and recovery efforts. Organizations in sectors such as finance, healthcare, manufacturing, and government, where DriveLock is commonly deployed, may face significant operational risks. Additionally, repeated crashes could be leveraged as part of a larger attack chain to distract or disable security monitoring and response capabilities. The vulnerability’s ease of exploitation without requiring privileges or user interaction means that insider threats or attackers who gain limited access could cause widespread disruption. This is particularly concerning for European enterprises with strict regulatory requirements around data availability and integrity, such as GDPR and NIS Directive compliance.

Mitigation Recommendations

1. Immediate application of patches: Organizations should monitor DriveLock vendor announcements and apply updates to versions 24.1.6, 24.2.7, or 25.1.5 as soon as they become available to remediate the vulnerability.
2. Restrict access to vulnerable interfaces: Limit access to the DriveLock driver's IOCTL interface to trusted and authorized users only, using Windows security policies and access control lists (ACLs).
3. Network segmentation: Isolate critical systems running DriveLock from untrusted networks and users to reduce exposure to remote exploitation.
4. Implement endpoint monitoring: Deploy advanced endpoint detection and response (EDR) tools to detect anomalous IOCTL requests or unusual system crashes that may indicate exploitation attempts.
5. Conduct regular system integrity checks and backups: Ensure that critical data and system states are backed up frequently to enable rapid recovery from crashes or data corruption.
6. User privilege management: Enforce the principle of least privilege to minimize the number of users with access to vulnerable systems and interfaces.
7. Incident response readiness: Prepare and test incident response plans specifically for denial-of-service scenarios caused by system crashes to minimize downtime.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-12T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 69431b97fab815a9fc199cc3

Added to database: 12/17/2025, 9:07:35 PM

Last enriched: 12/24/2025, 9:35:55 PM

Last updated: 2/4/2026, 12:54:30 PM
