CVE-2025-59106 - Vulnerability Details

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dormakaba	Access Manager
Dormakabagroup	Dormakaba Access Manager 9200-k5 Dormakaba Access Manager 9200-k5 Firmware Dormakaba Access Manager 9200-k7 Dormakaba Access Manager 9200-k7 Firmware Dormakaba Access Manager 9230-k5 Dormakaba Access Manager 9230-k5 Firmware Dormakaba Access Manager 9230-k7 Dormakaba Access Manager 9230-k7 Firmware Dormakaba Access Manager 9290-k5 Dormakaba Access Manager 9290-k5 Firmware Dormakaba Access Manager 9290-k7 Dormakaba Access Manager 9290-k7 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k7:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k7:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k7:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k5:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k5:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k5:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://r.sec-consult.com/dkaccess
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories

History

Thu, 12 Feb 2026 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dormakabagroup Dormakabagroup dormakaba Access Manager 9200-k5 Dormakabagroup dormakaba Access Manager 9200-k5 Firmware Dormakabagroup dormakaba Access Manager 9200-k7 Dormakabagroup dormakaba Access Manager 9200-k7 Firmware Dormakabagroup dormakaba Access Manager 9230-k5 Dormakabagroup dormakaba Access Manager 9230-k5 Firmware Dormakabagroup dormakaba Access Manager 9230-k7 Dormakabagroup dormakaba Access Manager 9230-k7 Firmware Dormakabagroup dormakaba Access Manager 9290-k5 Dormakabagroup dormakaba Access Manager 9290-k5 Firmware Dormakabagroup dormakaba Access Manager 9290-k7 Dormakabagroup dormakaba Access Manager 9290-k7 Firmware
CPEs		cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k5:-:::::::* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k7:-:::::::* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k5:-:::::::* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k7:-:::::::* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k5:-:::::::* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k7:-:::::::* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k5_firmware:-:::::::* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k7_firmware:::::::: cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k5_firmware:-:::::::* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k7_firmware:::::::: cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k5_firmware:-:::::::* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k7_firmware::::::::
Vendors & Products		Dormakabagroup Dormakabagroup dormakaba Access Manager 9200-k5 Dormakabagroup dormakaba Access Manager 9200-k5 Firmware Dormakabagroup dormakaba Access Manager 9200-k7 Dormakabagroup dormakaba Access Manager 9200-k7 Firmware Dormakabagroup dormakaba Access Manager 9230-k5 Dormakabagroup dormakaba Access Manager 9230-k5 Firmware Dormakabagroup dormakaba Access Manager 9230-k7 Dormakabagroup dormakaba Access Manager 9230-k7 Firmware Dormakabagroup dormakaba Access Manager 9290-k5 Dormakabagroup dormakaba Access Manager 9290-k5 Firmware Dormakabagroup dormakaba Access Manager 9290-k7 Dormakabagroup dormakaba Access Manager 9290-k7 Firmware

Tue, 27 Jan 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dormakaba Dormakaba access Manager
Vendors & Products		Dormakaba Dormakaba access Manager

Tue, 27 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 26 Jan 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
Title		Web Server Running with Root Privileges in dormakaba access manager
Weaknesses		CWE-272
References		https://r.sec-consult.com/dkaccess https://r.sec-consult.com/dormakaba https://www.dormakabagroup.com/en/security-advisories

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2026-01-26T10:06:13.702Z

Updated: 2026-01-27T18:44:41.817Z

Reserved: 2025-09-09T07:53:12.879Z

Link: CVE-2025-59106

Vulnrichment

Updated: 2026-01-27T18:44:28.259Z

NVD

Status : Analyzed

Published: 2026-01-26T10:16:08.513

Modified: 2026-02-12T15:54:17.057

Link: CVE-2025-59106

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object