Vulnerability in Dormakaba Access Manager 92xx-k5

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryp…

EPSS: 0.000 (0.7th percentile) — read the EPSS interpretation.

Affected products

Dormakaba Access Manager 92xx-k5 — versions 92xx-K5: All versions
Dormakaba Access Manager 92xx-k7 — versions 92xx-K7: <BAME 06.00

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

References

r.sec-consult.com/dormakaba (technical-description)
r.sec-consult.com/dkaccess (third-party-advisory)
www.dormakabagroup.com/en/security-advisories (vendor-advisory)