Multiple vulnerabilities in Bdrive NetDrive

Published: 2025-03-26

Risk	Low
Patch available	NO
Number of vulnerabilities	2
CVE-ID	CVE-2025-2768 CVE-2025-2769
CWE-ID	CWE-428
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	NetDrive Client/Desktop applications / Other client software
Vendor	Bdrive

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Unquoted Search Path or Element

EUVDB-ID: #VU106038

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-2768

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unquoted search path or element within the configuration of OpenSSL. A local user can gain elevated privileges on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NetDrive: All versions

CPE2.3

cpe:2.3:a:bdrive:netdrive:*:*:*:*:*:*:*:*

External links

https://www.zerodayinitiative.com/advisories/ZDI-25-182/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Unquoted Search Path or Element

EUVDB-ID: #VU106039