CVE-2025-59105

HIGH

Linux-based K7 - Info Disclosure

Title source: llm

Description

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and read, in order to gain SSH root access on the Linux-based K7 model. On the Windows CE based K5 model, the password for the Access Manager can additionally be read in plain text from the stored SQLite database.

References (3)

[Various Sources] https://r.sec-consult.com/dormakaba

[Various Sources] https://r.sec-consult.com/dkaccess

[Various Sources] https://www.dormakabagroup.com/en/security-advisories

Scores

CVSS v4 7.0

EPSS 0.0001

EPSS Percentile 0.4%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-312

Status published

Products (2)

dormakaba/Access Manager 92xx-k5 92xx-K5: All versions

dormakaba/Access Manager 92xx-k7 92xx-K7: <BAME 06.00

Published Jan 26, 2026

Tracked Since Feb 18, 2026