CVE-2025-59098— Trace Functionality Leaking Sensitive Data in dormakaba access manager
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59098
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Trace Functionality Leaking Sensitive Data in dormakaba access manager
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive debug information. The data is permanently broadcasted on the TCP socket. The socket can be accessed without any authentication or encryption. The transmitted data is based on the set verbosity level. The verbosity level can be set using the http(s) endpoint with the service interface password or with the guessable identifier of the device via the SOAP interface. The transmitted data contains sensitive data like the Card ID as well as all button presses on Registration units. This allows an attacker with network level access to retrieve all entered PINs on a registration unit.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
将系统数据暴露到未授权控制的范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dormakaba Access Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dormakaba Access Manager是美国Dormakaba公司的一个智能硬件控制器。 Dormakaba Access Manager存在安全漏洞,该漏洞源于跟踪功能无需身份验证或加密,且传输数据包含敏感信息,可能导致检索在注册单元上输入的所有PIN。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| dormakaba | Access Manager 92xx-k5 | 92xx-K5: <XAMB 04.06.212 | - | |
| dormakaba | Access Manager 92xx-k7 | 92xx-K7: <BAME 05.02.156 | - |
II. Public POCs for CVE-2025-59098
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59098
请登录查看更多情报信息。
- Multiple Critical Vulnerabilities in dormakaba Access Manager - SEC Consultthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-59098
Same Patch Batch · dormakaba · 2026-01-26 · 20 CVEs total
| CVE-2025-59105 | Unencrypted Flash Storage in dormakaba access manager | |
| CVE-2025-59091 | Hardcoded Legacy Accounts Allowing Control Over Access Managers in dormakaba Kaba exos 930 | |
| CVE-2025-59090 | Unauthenticated SOAP API in dormakaba Kaba exos 9300 | |
| CVE-2025-59104 | Unlocked Bootloader in dormakaba access manager | |
| CVE-2025-59095 | Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300 | |
| CVE-2025-59107 | Static Firmware Encryption Password in dormakaba access manager | |
| CVE-2025-59094 | Local Privilege Escalation in dormakaba Kaba exos 9300 System management | |
| CVE-2025-59102 | Secrets Stored in Plaintext in Database in dormakaba access manager | |
| CVE-2025-59092 | Unauthenticated RPC Service in dormakaba Kaba exos 9300 | |
| CVE-2025-59099 | Unauthenticated Path Traversal in dormakaba access manager | |
| CVE-2025-59097 | Unauthenticated SOAP API in dormakaba access manager | |
| CVE-2025-59106 | Web Server Running with Root Privileges in dormakaba access manager | |
| CVE-2025-59096 | Weak Default Password in dormakaba Kaba exos 9300 | |
| CVE-2025-59109 | UART Leaking Sensitive Data in dormakaba registration unit 9002 | |
| CVE-2025-59093 | Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 93 | |
| CVE-2025-59101 | Insufficient Session Management in dormakaba access manager | |
| CVE-2025-59100 | Unauthenticated Access to the SQLite Database in dormakaba access manager | |
| CVE-2025-59103 | Weak Default Passwords for SSH Access in dormakaba access manager | |
| CVE-2025-59108 | Weak Default Passwords in dormakaba access manager |
IV. Related Vulnerabilities
Same product: Access Manager 92xx-k5
- CVE-2025-59108
Weak Default Passwords in dormakaba access manager - CVE-2025-59107
Static Firmware Encryption Password in dormakaba access mana - CVE-2025-59105
Unencrypted Flash Storage in dormakaba access manager - CVE-2025-59103
Weak Default Passwords for SSH Access in dormakaba access ma - CVE-2025-59102
Secrets Stored in Plaintext in Database in dormakaba access
Same vendor: dormakaba
- CVE-2025-59109
UART Leaking Sensitive Data in dormakaba registration unit 9 - CVE-2025-59108
Weak Default Passwords in dormakaba access manager - CVE-2025-59107
Static Firmware Encryption Password in dormakaba access mana - CVE-2025-59106
Web Server Running with Root Privileges in dormakaba access - CVE-2025-59105
Unencrypted Flash Storage in dormakaba access manager
Same weakness: CWE-497
- CVE-2026-7864
Exposure of Sensitive Information to an Unauthorized Actor - CVE-2026-41928
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller - CVE-2026-25468
WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sens - CVE-2026-42644
WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Expos - CVE-2026-24222
NVIDIA NeMoClaw 安全漏洞
V. Comments for CVE-2025-59098
No comments yet