CVE-2025-67790
Unknown Unknown - Not Provided
Unterminated String IOCTL Causes BSOD in DriveLock Windows

Publication date: 2025-12-17

Last updated on: 2025-12-18

Assigner: MITRE

Description
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67790
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
drivelock drivelock From 24.1 (inc) to 24.1.6 (exc)
drivelock drivelock From 24.2 (inc) to 24.2.7 (exc)
drivelock drivelock From 25.1 (inc) to 25.1.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-170 The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overread issue in the DriveLock Driver on Windows endpoints. It occurs when a local non-privileged user sends crafted IOCTL calls containing unterminated wide strings. The driver fails to properly validate these strings, which can cause a buffer overread and lead to a Blue Screen of Death (BSOD), resulting in a denial of service. [1]

Impact Analysis

The vulnerability can cause a Blue Screen of Death (BSOD) on affected Windows systems, leading to a denial of service. This means that an unprivileged local user could crash the system occasionally, impacting system availability. The impact on confidentiality is none, integrity is low, and availability is low. [1]

Detection Guidance

This vulnerability is exploitable locally via crafted IOCTL calls by non-privileged users. Detection involves monitoring for unusual or malformed IOCTL requests to the DriveLock driver on Windows endpoints. Specific commands are not provided, but system administrators should audit IOCTL calls and look for attempts to pass unterminated wide strings to the driver. Endpoint monitoring tools that track IOCTL usage or Windows Event Logs related to driver errors or BSOD events may help identify exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include updating DriveLock to the patched versions: 24.1.6, 24.2.7, or 25.1.5. Until updates can be applied, restrict local access to trusted users only, implement application control to prevent untrusted code execution, and harden endpoints to limit exposure of the IOCTL interface. These measures reduce the risk of exploitation by making it difficult for local non-privileged users to trigger the vulnerability. [1]

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67790. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart