The binary that serves the web server and executes basically all actions launched from the Web UI runs with root privileges. This violates the principle of least privilege. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands with the highest privileges.
References
| Link | Resource |
|---|---|
| https://r.sec-consult.com/dkaccess | Third Party Advisory |
| https://r.sec-consult.com/dormakaba | Third Party Advisory |
| https://www.dormakabagroup.com/en/security-advisories | Vendor Advisory |
History
12 Feb 2026, 15:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://r.sec-consult.com/dkaccess - Third Party Advisory | |
| References | () https://r.sec-consult.com/dormakaba - Third Party Advisory | |
| References | () https://www.dormakabagroup.com/en/security-advisories - Vendor Advisory | |
| CPE | cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k7_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k5:-:*:*:*:*:*:*:* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k5:-:*:*:*:*:*:*:* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k7:-:*:*:*:*:*:*:* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k5_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k7:-:*:*:*:*:*:*:* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k7_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k5:-:*:*:*:*:*:*:* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k7_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k7:-:*:*:*:*:*:*:* cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k5_firmware:-:*:*:*:*:*:*:* | |
| First Time | Dormakabagroup dormakaba Access Manager 9290-k7 Firmware, Dormakabagroup dormakaba Access Manager 9290-k5, Dormakabagroup dormakaba Access Manager 9230-k5, Dormakabagroup dormakaba Access Manager 9200-k7 Firmware, Dormakabagroup dormakaba Access Manager 9230-k5 Firmware, Dormakabagroup dormakaba Access Manager 9230-k7 Firmware, Dormakabagroup dormakaba Access Manager 9200-k5 Firmware, Dormakabagroup dormakaba Access Manager 9200-k7, Dormakabagroup, Dormakabagroup dormakaba Access Manager 9290-k7, Dormakabagroup dormakaba Access Manager 9200-k5, Dormakabagroup dormakaba Access Manager 9230-k7, Dormakabagroup dormakaba Access Manager 9290-k5 Firmware |
27 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : v3 : | v2 : unknown v3 : 8.8 |
26 Jan 2026, 10:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-26 10:16
Updated : 2026-02-12 15:54
NVD link : CVE-2025-59106
Mitre link : CVE-2025-59106
CVE.ORG link : CVE-2025-59106
Products Affected
- dormakaba_access_manager_9290-k7_firmware
- dormakaba_access_manager_9200-k5_firmware
- dormakaba_access_manager_9290-k5
- dormakaba_access_manager_9200-k7
- dormakaba_access_manager_9230-k5
- dormakaba_access_manager_9290-k5_firmware
- dormakaba_access_manager_9230-k7
- dormakaba_access_manager_9230-k5_firmware
- dormakaba_access_manager_9200-k5
- dormakaba_access_manager_9230-k7_firmware
- dormakaba_access_manager_9200-k7_firmware
- dormakaba_access_manager_9290-k7
CWE
CWE-272
Least Privilege Violation