Auth bypass in Dormakaba Access Manager 92xx-k5

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be…

EPSS: 0.000 (11.6th percentile) — read the EPSS interpretation.

Affected products

Dormakaba Access Manager 92xx-k5 — versions 92xx-K5: <XAMB 04.06.212

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

r.sec-consult.com/dormakaba (technical-description)
r.sec-consult.com/dkaccess (third-party-advisory)
www.dormakabagroup.com/en/security-advisories (vendor-advisory)