dormakaba — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting dormakaba. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dormakaba operates as a global provider of access control and security solutions, primarily serving commercial and institutional clients with electronic locking systems and management software. The company’s product portfolio, which includes physical access controllers and associated management platforms, has historically been associated with twenty-one recorded Common Vulnerabilities and Exposures (CVEs). These disclosed flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper authentication mechanisms within web-based management interfaces. While no single catastrophic breach has defined the company’s public security history, the recurring nature of these software defects highlights persistent challenges in securing complex IoT-enabled infrastructure. Security researchers continue to monitor these systems, emphasizing the need for rigorous patch management and network segmentation to mitigate the risk of unauthorized access to physical security controls.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-59109 | UART Leaking Sensitive Data in dormakaba registration unit 9002 | dormakaba registration unit 9002 | CWE-1295 | 8.1 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59108 | Weak Default Passwords in dormakaba access manager | Access Manager 92xx-k5 | CWE-1392 | 9.8 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59107 | Static Firmware Encryption Password in dormakaba access manager | Access Manager 92xx-k5 | CWE-798 | 9.1 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59106 | Web Server Running with Root Privileges in dormakaba access manager | Access Manager 92xx-k7 | CWE-272 | 8.4 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59105 | Unencrypted Flash Storage in dormakaba access manager | Access Manager 92xx-k5 | CWE-312 | 6.8 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2025-59104 | Unlocked Bootloader in dormakaba access manager | Access Manager 92xx-k7 | CWE-1234 | 6.8 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2025-59103 | Weak Default Passwords for SSH Access in dormakaba access manager | Access Manager 92xx-k5 | CWE-1391 | 9.8 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59102 | Secrets Stored in Plaintext in Database in dormakaba access manager | Access Manager 92xx-k5 | CWE-312 | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59101 | Insufficient Session Management in dormakaba access manager | Access Manager 92xx-k5 | CWE-291 | 9.8 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59100 | Unauthenticated Access to the SQLite Database in dormakaba access manager | Access Manager 92xx-k5 | CWE-285 | 9.8 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59099 | Unauthenticated Path Traversal in dormakaba access manager | Access Manager 92xx-k5 | CWE-35 | 9.1 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59098 | Trace Functionality Leaking Sensitive Data in dormakaba access manager | Access Manager 92xx-k5 | CWE-497 | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59097 | Unauthenticated SOAP API in dormakaba access manager | Access Manager 92xx-k5 | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-01-26 |
| CVE-2025-59096 | Weak Default Password in dormakaba Kaba exos 9300 | Kaba exos 9300 | CWE-798 | 8.4 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59095 | Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300 | Kaba exos 9300 | CWE-798 | 8.4 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59094 | Local Privilege Escalation in dormakaba Kaba exos 9300 System management | Kaba exos 9300 | CWE-269 | 7.8 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59093 | Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300 | Kaba exos 9300 | CWE-656 | 8.8 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59092 | Unauthenticated RPC Service in dormakaba Kaba exos 9300 | Kaba exos 9300 | CWE-798 | 4.0 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2025-59091 | Hardcoded Legacy Accounts Allowing Control Over Access Managers in dormakaba Kaba exos 9300 | Kaba exos 9300 | CWE-798 | 8.8 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-59090 | Unauthenticated SOAP API in dormakaba Kaba exos 9300 | Kaba exos 9300 | CWE-306 | 8.2 (AI) | High (AI) | 2026-01-26 |
| CVE-2024-58311 | Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness | Dormakaba Saflok System 6000 | CWE-1245 | 9.8 | Critical | 2025-12-12 |

This page lists every published CVE security advisory associated with dormakaba. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.