Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-59107— Static Firmware Encryption Password in dormakaba access manager

EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-59107

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Static Firmware Encryption Password in dormakaba access manager
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dormakaba Access Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dormakaba Access Manager是美国Dormakaba公司的一个智能硬件控制器。 Dormakaba Access Manager存在安全漏洞,该漏洞源于固件更新ZIP文件使用静态可提取密码,可能导致固件解密。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
dormakabaAccess Manager 92xx-k5 All versions -

II. Public POCs for CVE-2025-59107

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-59107

登录查看更多情报信息。

Same Patch Batch · dormakaba · 2026-01-26 · 20 CVEs total

CVE-2025-59105Unencrypted Flash Storage in dormakaba access manager
CVE-2025-59091Hardcoded Legacy Accounts Allowing Control Over Access Managers in dormakaba Kaba exos 930
CVE-2025-59098Trace Functionality Leaking Sensitive Data in dormakaba access manager
CVE-2025-59090Unauthenticated SOAP API in dormakaba Kaba exos 9300
CVE-2025-59104Unlocked Bootloader in dormakaba access manager
CVE-2025-59095Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300
CVE-2025-59094Local Privilege Escalation in dormakaba Kaba exos 9300 System management
CVE-2025-59102Secrets Stored in Plaintext in Database in dormakaba access manager
CVE-2025-59092Unauthenticated RPC Service in dormakaba Kaba exos 9300
CVE-2025-59099Unauthenticated Path Traversal in dormakaba access manager
CVE-2025-59097Unauthenticated SOAP API in dormakaba access manager
CVE-2025-59106Web Server Running with Root Privileges in dormakaba access manager
CVE-2025-59096Weak Default Password in dormakaba Kaba exos 9300
CVE-2025-59109UART Leaking Sensitive Data in dormakaba registration unit 9002
CVE-2025-59093Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 93
CVE-2025-59101Insufficient Session Management in dormakaba access manager
CVE-2025-59100Unauthenticated Access to the SQLite Database in dormakaba access manager
CVE-2025-59103Weak Default Passwords for SSH Access in dormakaba access manager
CVE-2025-59108Weak Default Passwords in dormakaba access manager

IV. Related Vulnerabilities

Same product: Access Manager 92xx-k5
Same vendor: dormakaba
Same weakness: CWE-798

V. Comments for CVE-2025-59107

No comments yet

Leave a comment