Vulnerability in Dormakaba Access Manager 92xx-k7
CVE-2025-59106
The binary that serves the web server and executes basically all actions launched from the Web UI runs with root privileges, which violates the principle of least privilege. If an attacker is able to execute code on the system via other v…
EPSS: 0.001 (30.8th percentile)
Affected products
- Dormakaba Access Manager 92xx-k7 — versions 92xx-k7: <BAME 06.00
Weakness classification (CWE)
References
- r.sec-consult.com/dormakaba (technical-description)
- r.sec-consult.com/dkaccess (third-party-advisory)
- www.dormakabagroup.com/en/security-advisories (vendor-advisory)