CVE-2025-59107

HIGH

Dormakaba FWServiceTool - Info Disclosure

Title source: llm

Description

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.

References (3)

[Various Sources] https://r.sec-consult.com/dormakaba

[Various Sources] https://r.sec-consult.com/dkaccess

[Various Sources] https://www.dormakabagroup.com/en/security-advisories

Scores

CVSS v4 8.5

EPSS 0.0002

EPSS Percentile 5.1%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Published Jan 26, 2026

Tracked Since Feb 18, 2026