Path Traversal in Dormakaba Access Manager 92xx-k5
CVE-2025-59099
The Access Manager uses the open-source web server CompactWebServer, written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior a…
EPSS: 0.004 (60.2th percentile)
Affected products
- Dormakaba Access Manager 92xx-k5 — versions 92xx-K5: <XAMB 04.05.21
- Dormakaba Access Manager 92xx-k7 — versions 92xx-K7: <BAME 04.05.16
Weakness classification (CWE)
References
- r.sec-consult.com/dormakaba (technical-description)
- r.sec-consult.com/dkaccess (third-party-advisory)
- www.dormakabagroup.com/en/security-advisories (vendor-advisory)