CVE-2025-59106 — HIGH (8.8)

Q: How severe is CVE-2025-59106?

CVE-2025-59106 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59106?

Check the references section above for vendor advisories and patch information. Affected products include: Dormakabagroup Dormakaba Access Manager 9200-K7 Firmware, Dormakabagroup Dormakaba Access Manager 9200-K7, Dormakabagroup Dormakaba Access Manager 9230-K7 Firmware, Dormakabagroup Dormakaba Access Manager 9230-K7, Dormakabagroup Dormakaba Access Manager 9290-K7 Firmware.

Vulnerability Description

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dormakabagroup	Dormakaba Access Manager 9200-K7 Firmware	< bame_06.00
Dormakabagroup	Dormakaba Access Manager 9200-K7	-
Dormakabagroup	Dormakaba Access Manager 9230-K7 Firmware	< bame_06.00
Dormakabagroup	Dormakaba Access Manager 9230-K7	-
Dormakabagroup	Dormakaba Access Manager 9290-K7 Firmware	< bame_06.00
Dormakabagroup	Dormakaba Access Manager 9290-K7	-
Dormakabagroup	Dormakaba Access Manager 9200-K5 Firmware	-
Dormakabagroup	Dormakaba Access Manager 9200-K5	-
Dormakabagroup	Dormakaba Access Manager 9230-K5 Firmware	-
Dormakabagroup	Dormakaba Access Manager 9230-K5	-
Dormakabagroup	Dormakaba Access Manager 9290-K5 Firmware	-
Dormakabagroup	Dormakaba Access Manager 9290-K5	-

Related Weaknesses (CWE)

CWE-272

References

https://r.sec-consult.com/dkaccessThird Party Advisory
https://r.sec-consult.com/dormakabaThird Party Advisory
https://www.dormakabagroup.com/en/security-advisoriesVendor Advisory

FAQ

What is CVE-2025-59106?

CVE-2025-59106 is a vulnerability with a CVSS score of 8.8 (HIGH). The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to...

How severe is CVE-2025-59106?

CVE-2025-59106 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59106?

Check the references section above for vendor advisories and patch information. Affected products include: Dormakabagroup Dormakaba Access Manager 9200-K7 Firmware, Dormakabagroup Dormakaba Access Manager 9200-K7, Dormakabagroup Dormakaba Access Manager 9230-K7 Firmware, Dormakabagroup Dormakaba Access Manager 9230-K7, Dormakabagroup Dormakaba Access Manager 9290-K7 Firmware.