
CVE-2025-67790: n/a

Published: Wed Dec 17 2025 (12/17/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could occasionally cause a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string.

AI-Powered Analysis

Last updated: 12/17/2025, 21:14:40 UTC

Technical Analysis

CVE-2025-67790 is a denial-of-service vulnerability found in DriveLock versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. The flaw arises when an unprivileged local user sends a specially crafted IOCTL (Input Output Control) request containing an unterminated string to the DriveLock driver on Windows systems. This malformed input can cause the driver to mishandle the string, leading to a system crash manifested as a Blue Screen of Death (BSOD). The vulnerability does not require elevated privileges or authentication, but exploitation is limited to users with local access to the machine. The intermittent nature of the BSOD suggests a race condition or improper string handling in kernel mode. DriveLock is a security product used primarily for device control, data loss prevention, and endpoint security in enterprise environments. Although no public exploits or patches have been released yet, the vulnerability poses a risk to system availability and stability. The lack of a CVSS score indicates that the vulnerability is newly disclosed and pending further analysis. The vulnerability affects Windows endpoints running vulnerable DriveLock versions, potentially disrupting business operations if exploited by malicious insiders or unauthorized local users.
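
The bug class named above (a string taken from an IOCTL input buffer without a terminator) is avoided by bounding the terminator search with the caller-supplied length. The following is an added user-mode sketch, not DriveLock code; the page does not describe the driver's internals, so the helper name, the byte-string layout and the sample buffers are assumptions.

```c
#include <stddef.h>
#include <string.h>

typedef enum {
    STR_OK = 0,        /* terminator found, string fits the destination */
    STR_BAD_BUFFER,    /* NULL pointer or zero-length input */
    STR_UNTERMINATED,  /* no NUL within the caller-supplied length */
    STR_TOO_LONG       /* terminated, but larger than the destination */
} str_check_t;

/* Constructed sample inputs (not captured from any real request). */
const unsigned char SAMPLE_OK[8]  = {'C', ':', '\\', 'a', 0, 'x', 'x', 'x'};
const unsigned char SAMPLE_BAD[8] = {'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'};

/*
 * Hypothetical helper: copy the string held in an IOCTL input buffer
 * (`in`, `in_len` bytes as reported for the request) into `dst`.
 * The terminator search is bounded by in_len, so a missing NUL is
 * reported instead of being read past the end of the buffer.
 */
str_check_t copy_ioctl_string(char *dst, size_t dst_size,
                              const void *in, size_t in_len)
{
    if (dst == NULL || dst_size == 0 || in == NULL || in_len == 0)
        return STR_BAD_BUFFER;

    const unsigned char *nul = memchr(in, 0, in_len);  /* bounded scan */
    if (nul == NULL)
        return STR_UNTERMINATED;          /* reject, never strlen() this */

    size_t len = (size_t)(nul - (const unsigned char *)in);
    if (len >= dst_size)
        return STR_TOO_LONG;

    memcpy(dst, in, len + 1);             /* copies the terminator too */
    return STR_OK;
}

int main(void)
{
    char name[16];
    /* Terminated input is accepted; unterminated input is refused. */
    int ok  = copy_ioctl_string(name, sizeof name, SAMPLE_OK, sizeof SAMPLE_OK);
    int bad = copy_ioctl_string(name, sizeof name, SAMPLE_BAD, sizeof SAMPLE_BAD);
    return (ok == STR_OK && bad == STR_UNTERMINATED) ? 0 : 1;
}
```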

Potential Impact

For European organizations, exploitation of CVE-2025-67790 could result in unexpected system crashes causing denial of service on affected endpoints. This can disrupt business continuity, especially in environments where DriveLock is deployed to secure critical systems or sensitive data. The vulnerability could be leveraged by malicious insiders or attackers with local access to cause operational downtime or interrupt security monitoring functions provided by DriveLock. While confidentiality and integrity are not directly impacted, availability degradation can affect productivity and incident response capabilities. Organizations in sectors such as finance, healthcare, manufacturing, and government that rely on DriveLock for endpoint security may experience increased risk of disruption. The absence of remote exploitation limits the threat to local users, but insider threats or compromised endpoints remain a concern. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.

Mitigation Recommendations

Organizations should prioritize updating DriveLock to versions 24.1.6, 24.2.7, or 25.1.5 or later once patches are released by the vendor. Until patches are available, restrict local user access on systems running vulnerable DriveLock versions to trusted personnel only. Implement strict endpoint access controls and monitor for unusual IOCTL requests or system crashes that could indicate exploitation attempts. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behavior related to device control drivers. Conduct regular audits of user privileges to minimize the number of unprivileged users with local access. Additionally, maintain robust backup and recovery procedures to mitigate the impact of potential denial-of-service conditions. Engage with DriveLock support for early access to patches or workarounds. Finally, educate IT staff about this vulnerability to ensure rapid response if exploitation signs appear.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-12T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 69431b97fab815a9fc199cc3

Added to database: 12/17/2025, 9:07:35 PM

Last enriched: 12/17/2025, 9:14:40 PM

Last updated: 12/18/2025, 6:37:17 AM
