FKIE_CVE-2025-59106

Vulnerability from fkie_nvd - Published: 2026-01-26 10:16 - Updated: 2026-02-12 15:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
References
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://r.sec-consult.com/dkaccessThird Party Advisory
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://r.sec-consult.com/dormakabaThird Party Advisory
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://www.dormakabagroup.com/en/security-advisoriesVendor Advisory
Impacted products
Vendor Product Version
dormakabagroup dormakaba_access_manager_9200-k7_firmware *
dormakabagroup dormakaba_access_manager_9200-k7 -
dormakabagroup dormakaba_access_manager_9230-k7_firmware *
dormakabagroup dormakaba_access_manager_9230-k7 -
dormakabagroup dormakaba_access_manager_9290-k7_firmware *
dormakabagroup dormakaba_access_manager_9290-k7 -
dormakabagroup dormakaba_access_manager_9200-k5_firmware -
dormakabagroup dormakaba_access_manager_9200-k5 -
dormakabagroup dormakaba_access_manager_9230-k5_firmware -
dormakabagroup dormakaba_access_manager_9230-k5 -
dormakabagroup dormakaba_access_manager_9290-k5_firmware -
dormakabagroup dormakaba_access_manager_9290-k5 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "677FDE80-CB98-4CAA-BAEA-B75CD903CE15",
              "versionEndExcluding": "bame_06.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "625A7698-8C85-443A-8234-3378335CF871",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F6324C-CCC1-4B42-8BE7-5D64EC43F27D",
              "versionEndExcluding": "bame_06.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "706730A1-C200-40FA-A7F0-153DAC88128A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECF1C26D-A592-46F3-996F-28E92C96F6BE",
              "versionEndExcluding": "bame_06.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E30693-0FCA-4568-A2E8-C9D3C8D4E682",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "533DF243-A900-46D3-85EE-C898716A1AE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D3E658-5FA5-4C38-85B1-05D914AC973F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10552E6-7CC9-43DA-9020-DA344B92D50F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "926B0276-D7C3-4099-AD6D-C63B860A57F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F36B37E-5048-4EB2-9B0B-3A1607ABD7D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B8FCD3D-0E03-4ACA-884C-540866A4B7B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."
    },
    {
      "lang": "es",
      "value": "El binario que sirve al servidor web y que ejecuta pr\u00e1cticamente todas las acciones lanzadas desde la interfaz de usuario web se est\u00e1 ejecutando con privilegios de root. Esto va en contra del principio de m\u00ednimo privilegio. Si un atacante es capaz de ejecutar c\u00f3digo en el sistema a trav\u00e9s de otras vulnerabilidades, es posible ejecutar comandos directamente con los privilegios m\u00e1s altos."
    }
  ],
  "id": "CVE-2025-59106",
  "lastModified": "2026-02-12T15:54:17.057",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-26T10:16:08.513",
  "references": [
    {
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://r.sec-consult.com/dkaccess"
    },
    {
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://r.sec-consult.com/dormakaba"
    },
    {
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dormakabagroup.com/en/security-advisories"
    }
  ],
  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-272"
        }
      ],
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.