CVE-2025-59105
HIGHdormakaba Access Manager 92xx-k5 and 92xx-k7 - Cleartext Storage of Sensitive Information
Title source: llmDescription
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and read, in order to gain SSH root access on the Linux-based K7 model. On the Windows CE based K5 model, the password for the Access Manager can additionally be read in plain text from the stored SQLite database.
References (3)
Core 3
Core References
Various Sources technical-description
https://r.sec-consult.com/dormakaba
Various Sources third-party-advisory
https://r.sec-consult.com/dkaccess
Various Sources vendor-advisory
https://www.dormakabagroup.com/en/security-advisories
Scores
CVSS v4
7.0
EPSS
0.0010
EPSS Percentile
1.0%
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-312
Status
published
Products (2)
dormakaba/Access Manager 92xx-k5
92xx-K5: All versions
dormakaba/Access Manager 92xx-k7
92xx-K7: <BAME 06.00
Published
Jan 26, 2026
Tracked Since
Feb 18, 2026