CVE-2025-67787

DriveLock · DriveLock Operations Center

A Cross-Site Scripting (XSS) vulnerability in the DriveLock Operations Center allows remote attackers to perform session takeovers.

Executive summary

A critical XSS vulnerability in DriveLock Operations Center permits session takeover attacks, potentially granting an attacker full control over an authenticated user's session.

Vulnerability

The issue is a Cross-Site Scripting (XSS) vulnerability that allows for the execution of malicious scripts within the context of the user's session. This enables attackers to hijack active sessions over a network.

Business impact

With a CVSS score of 9.6, this is a highly critical vulnerability. Successful exploitation could lead to full administrative session hijacking, resulting in unauthorized control over the DriveLock environment and potential compromise of sensitive security management data.

Remediation

Immediate Action: Update the DriveLock Operations Center to version 25.1.5 or later as soon as the vendor provides the release.

Proactive Monitoring: Monitor user session logs for suspicious activity, such as unexpected administrative actions or logins from unusual locations.

Compensating Controls: Implement strict Content Security Policy (CSP) headers and ensure that web sessions are protected by appropriate secure flags to mitigate the impact of XSS.
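One way to verify that both compensating controls are actually in place, as an added example (not DriveLock's or this advisory's code): a small checker that audits a captured response's headers for a Content-Security-Policy without inline or wildcard script sources and for session cookies carrying Secure, HttpOnly and SameSite. The header samples and the cookie name are constructed.

```python
# Added example: audits HTTP response headers for the two compensating controls
# named above. Sample headers are constructed; the cookie name is a placeholder.

def parse_csp(value):
    """Split a CSP header into {directive: [source, ...]} with lowercase keys."""
    directives = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives

def csp_findings(headers):
    """Report script-source weaknesses that would let injected script run."""
    csp = next((v for n, v in headers if n.lower() == "content-security-policy"), None)
    if csp is None:
        return ["no Content-Security-Policy header"]
    directives = parse_csp(csp)
    scripts = directives.get("script-src", directives.get("default-src"))
    if scripts is None:
        return ["CSP sets neither script-src nor default-src"]
    return [f"script sources allow {bad}" for bad in ("'unsafe-inline'", "*", "data:") if bad in scripts]

def cookie_findings(headers):
    """Report Set-Cookie headers missing the attributes that blunt token theft."""
    required = (("secure", "Secure"), ("httponly", "HttpOnly"), ("samesite", "SameSite"))
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings += [f"cookie {cookie} lacks {label}" for key, label in required if key not in attrs]
    return findings

def audit(headers):
    """Return all findings for a response; an empty list means both controls hold."""
    return csp_findings(headers) + cookie_findings(headers)

# Constructed samples: a weak response beside the corrected one.
WEAK = [("Content-Type", "text/html"),
        ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
        ("Set-Cookie", "SESSIONID=placeholder; Path=/")]
HARDENED = [("Content-Security-Policy", "default-src 'self'; script-src 'self' 'nonce-Qm9yaW5n'; object-src 'none'"),
            ("Set-Cookie", "SESSIONID=placeholder; Path=/; Secure; HttpOnly; SameSite=Strict")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(hdrs) or "OK")
```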

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Due to the extreme severity of this XSS-based session takeover flaw, organizations must prioritize updating their DriveLock software. Until the patch is applied, users should exercise extreme caution when accessing the management interface and ensure session timeouts are kept to a minimum.