Vulnerability in Dormakaba Access Manager 92xx-k5

CVE-2025-59108

By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.

EPSS: 0.001 (22.6th percentile) — read the EPSS interpretation.

Affected products

Dormakaba Access Manager 92xx-k5 — versions 92xx-K5: All versions
Dormakaba Access Manager 92xx-k7 — versions 92xx-K7: <BAME 04.07.268

Weakness classification (CWE)

CWE-1392

References

r.sec-consult.com/dormakaba (technical-description)
r.sec-consult.com/dkaccess (third-party-advisory)
www.dormakabagroup.com/en/security-advisories (vendor-advisory)