Vulnerability Description
Dormakaba provides the FWServiceTool software to update the firmware version of the Access Managers via the network. In some instances, the firmware is provided in an encrypted ZIP file. The password used to decrypt the ZIP and extract the firmware is set statically within this tool and can be extracted. This password was valid for multiple observed firmware versions.
References
- https://r.sec-consult.com/dkaccess
- https://r.sec-consult.com/dormakaba
- https://www.dormakabagroup.com/en/security-advisories
FAQ
What is CVE-2025-59107?
CVE-2025-59107 is a documented vulnerability. Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this to...
How severe is CVE-2025-59107?
CVSS scoring is not yet available for CVE-2025-59107. Check NVD for updates.
Is there a patch for CVE-2025-59107?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.