Vulnerability in Dormakaba Access Manager 92xx-k5

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

Affected products

Dormakaba Access Manager 92xx-k5 — versions 92xx-K5: <XAMB 04.06.212

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

References

r.sec-consult.com/dormakaba (technical-description)
r.sec-consult.com/dkaccess (third-party-advisory)
www.dormakabagroup.com/en/security-advisories (vendor-advisory)