RCE in Dormakaba Access Manager 92xx-k5
CVE-2025-59097
The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the wh…
Vulnerability class: Broken Authentication
EPSS: 0.001 (34.1th percentile)
Affected products
- Dormakaba Access Manager 92xx-k5 — versions 92xx-K5: All Versions
- Dormakaba Access Manager 92xx-k7 — versions 92xx-K7: Older than BAME 06.00 must be configured
Weakness classification (CWE)
References
- r.sec-consult.com/dormakaba (technical-description)
- r.sec-consult.com/dkaccess (third-party-advisory)
- www.dormakabagroup.com/en/security-advisories (vendor-advisory)