Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for dormakaba_access_manager_9290-k5_firmware by dormakabagroup
CVE-2025-59106 (GCVE-0-2025-59106)
Vulnerability from nvd – Published: 2026-01-26 10:06 – Updated: 2026-01-27 18:44
VLAI?
Title
Web Server Running with Root Privileges in dormakaba access manager
Summary
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
Severity ?
8.8 (High)
CWE
- CWE-272 - Least Privilege Violation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dormakaba | Access Manager 92xx-k7 |
Affected:
92xx-k7: <BAME 06.00
|
Credits
Clemens Stockenreitner, SEC Consult Vulnerability Lab
Werner Schober, SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-59106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T18:44:35.148811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T18:44:41.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Manager 92xx-k7",
"vendor": "dormakaba",
"versions": [
{
"status": "affected",
"version": "92xx-k7: \u003cBAME 06.00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Werner Schober, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. \u003cbr\u003e"
}
],
"value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234: Hijacking a privileged process"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272: Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T10:06:13.702Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://r.sec-consult.com/dormakaba"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/dkaccess"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dormakabagroup.com/en/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.\u003cbr\u003e"
}
],
"value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Web Server Running with Root Privileges in dormakaba access manager",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-59106",
"datePublished": "2026-01-26T10:06:13.702Z",
"dateReserved": "2025-09-09T07:53:12.879Z",
"dateUpdated": "2026-01-27T18:44:41.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59106 (GCVE-0-2025-59106)
Vulnerability from cvelistv5 – Published: 2026-01-26 10:06 – Updated: 2026-01-27 18:44
VLAI?
Title
Web Server Running with Root Privileges in dormakaba access manager
Summary
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
Severity ?
8.8 (High)
CWE
- CWE-272 - Least Privilege Violation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dormakaba | Access Manager 92xx-k7 |
Affected:
92xx-k7: <BAME 06.00
|
Credits
Clemens Stockenreitner, SEC Consult Vulnerability Lab
Werner Schober, SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-59106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T18:44:35.148811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T18:44:41.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Manager 92xx-k7",
"vendor": "dormakaba",
"versions": [
{
"status": "affected",
"version": "92xx-k7: \u003cBAME 06.00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"
},
{
"lang": "en",
"type": "finder",
"value": "Werner Schober, SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. \u003cbr\u003e"
}
],
"value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234: Hijacking a privileged process"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272: Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T10:06:13.702Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://r.sec-consult.com/dormakaba"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/dkaccess"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dormakabagroup.com/en/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.\u003cbr\u003e"
}
],
"value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Web Server Running with Root Privileges in dormakaba access manager",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-59106",
"datePublished": "2026-01-26T10:06:13.702Z",
"dateReserved": "2025-09-09T07:53:12.879Z",
"dateUpdated": "2026-01-27T18:44:41.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}