CVE-2025-59104

Summary

With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through this vulnerability.

Affected Software

VendorProductVersion RangeStatus
dormakabaAccess Manager 92xx-k792xx-k7: <BAME 06.00affected

Weaknesses

  • CWE-1234: CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References