
    2 vulnerabilities found for dormakaba_access_manager_9230-k7_firmware by dormakabagroup

    CVE-2025-59106 (GCVE-0-2025-59106)

    Vulnerability from nvd – Published: 2026-01-26 10:06 – Updated: 2026-01-27 18:44
    Title
    Web Server Running with Root Privileges in dormakaba access manager
    Summary
    The binary that serves the web server and executes essentially all actions launched from the Web UI runs with root privileges, which violates the least-privilege principle. On its own this is not a remote entry point: its impact is that any other flaw which lets an attacker execute code inside that process immediately yields command execution as root, with no privilege boundary left to contain it. Practitioners should read the CISA ADP CVSS 3.1 score below (8.8, AV:N/PR:L) together with this chaining requirement and with the SSVC assessment of Exploitation: none.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    Assigner
    References
    Impacted products
    Vendor Product Version
    dormakaba — Access Manager 92xx-k7 — Affected: 92xx-k7 firmware versions earlier than BAME 06.00 (the record's solution recommends updating to at least BAME 06.00.x RA and changing the default password)
    Credits
    Clemens Stockenreitner, SEC Consult Vulnerability Lab; Werner Schober, SEC Consult Vulnerability Lab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T18:44:35.148811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T18:44:41.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Access Manager 92xx-k7",
              "vendor": "dormakaba",
              "versions": [
                {
                  "status": "affected",
                  "version": "92xx-k7: \u003cBAME 06.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Werner Schober, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. \u003cbr\u003e"
                }
              ],
              "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234: Hijacking a privileged process"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "CWE-272: Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-26T10:06:13.702Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://r.sec-consult.com/dormakaba"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/dkaccess"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dormakabagroup.com/en/security-advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.\u003cbr\u003e"
                }
              ],
              "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Web Server Running with Root Privileges in dormakaba access manager",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2025-59106",
        "datePublished": "2026-01-26T10:06:13.702Z",
        "dateReserved": "2025-09-09T07:53:12.879Z",
        "dateUpdated": "2026-01-27T18:44:41.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59106 (GCVE-0-2025-59106)

    Vulnerability from cvelistv5 – Published: 2026-01-26 10:06 – Updated: 2026-01-27 18:44
    Title
    Web Server Running with Root Privileges in dormakaba access manager
    Summary
    The binary that serves the web server and executes essentially all actions launched from the Web UI runs with root privileges, which violates the least-privilege principle. On its own this is not a remote entry point: its impact is that any other flaw which lets an attacker execute code inside that process immediately yields command execution as root, with no privilege boundary left to contain it. Practitioners should read the CISA ADP CVSS 3.1 score below (8.8, AV:N/PR:L) together with this chaining requirement and with the SSVC assessment of Exploitation: none.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    Assigner
    References
    Impacted products
    Vendor Product Version
    dormakaba — Access Manager 92xx-k7 — Affected: 92xx-k7 firmware versions earlier than BAME 06.00 (the record's solution recommends updating to at least BAME 06.00.x RA and changing the default password)
    Credits
    Clemens Stockenreitner, SEC Consult Vulnerability Lab; Werner Schober, SEC Consult Vulnerability Lab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59106",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T18:44:35.148811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T18:44:41.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Access Manager 92xx-k7",
              "vendor": "dormakaba",
              "versions": [
                {
                  "status": "affected",
                  "version": "92xx-k7: \u003cBAME 06.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Werner Schober, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. \u003cbr\u003e"
                }
              ],
              "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234: Hijacking a privileged process"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "CWE-272: Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-26T10:06:13.702Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://r.sec-consult.com/dormakaba"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/dkaccess"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dormakabagroup.com/en/security-advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.\u003cbr\u003e"
                }
              ],
              "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Web Server Running with Root Privileges in dormakaba access manager",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2025-59106",
        "datePublished": "2026-01-26T10:06:13.702Z",
        "dateReserved": "2025-09-09T07:53:12.879Z",
        "dateUpdated": "2026-01-27T18:44:41.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }