Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-59101— Insufficient Session Management in dormakaba access manager

EPSS 0.04% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-59101

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Insufficient Session Management in dormakaba access manager
Source: NVD (National Vulnerability Database)
Vulnerability Description
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information is stored. Therefore, it is possible to spoof the IP address of a logged-in user to gain access to the Access Manager web interface.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信任自主报告的IP地址
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dormakaba Access Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dormakaba Access Manager是美国Dormakaba公司的一个智能硬件控制器。 Dormakaba Access Manager存在安全漏洞,该漏洞源于基于源IP地址进行身份验证,可能导致IP地址欺骗攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
dormakabaAccess Manager 92xx-k5 92xx-K5: <XAMB 04.06.212 -
dormakabaAccess Manager 92xx-k7 92xx-K7: <BAME 04.07.268 -

II. Public POCs for CVE-2025-59101

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-59101

登录查看更多情报信息。

Same Patch Batch · dormakaba · 2026-01-26 · 20 CVEs total

CVE-2025-59099Unauthenticated Path Traversal in dormakaba access manager
CVE-2025-59091Hardcoded Legacy Accounts Allowing Control Over Access Managers in dormakaba Kaba exos 930
CVE-2025-59098Trace Functionality Leaking Sensitive Data in dormakaba access manager
CVE-2025-59090Unauthenticated SOAP API in dormakaba Kaba exos 9300
CVE-2025-59104Unlocked Bootloader in dormakaba access manager
CVE-2025-59095Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300
CVE-2025-59107Static Firmware Encryption Password in dormakaba access manager
CVE-2025-59094Local Privilege Escalation in dormakaba Kaba exos 9300 System management
CVE-2025-59102Secrets Stored in Plaintext in Database in dormakaba access manager
CVE-2025-59092Unauthenticated RPC Service in dormakaba Kaba exos 9300
CVE-2025-59097Unauthenticated SOAP API in dormakaba access manager
CVE-2025-59105Unencrypted Flash Storage in dormakaba access manager
CVE-2025-59106Web Server Running with Root Privileges in dormakaba access manager
CVE-2025-59096Weak Default Password in dormakaba Kaba exos 9300
CVE-2025-59109UART Leaking Sensitive Data in dormakaba registration unit 9002
CVE-2025-59093Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 93
CVE-2025-59100Unauthenticated Access to the SQLite Database in dormakaba access manager
CVE-2025-59103Weak Default Passwords for SSH Access in dormakaba access manager
CVE-2025-59108Weak Default Passwords in dormakaba access manager

IV. Related Vulnerabilities

Same product: Access Manager 92xx-k5
Same vendor: dormakaba
Same weakness: CWE-291

V. Comments for CVE-2025-59101

No comments yet

Leave a comment