Vulnerability in Dormakaba Access Manager 92xx-k5

CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZI…

EPSS: 0.000 (7.1th percentile) — read the EPSS interpretation.

Affected products

Dormakaba Access Manager 92xx-k5 — versions All versions

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

r.sec-consult.com/dormakaba (technical-description)
r.sec-consult.com/dkaccess (third-party-advisory)
www.dormakabagroup.com/en/security-advisories (vendor-advisory)