CVE-2025-59106
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| dormakaba | Access Manager 92xx-k7 | 92xx-k7: <BAME 06.00 | affected |
Weaknesses
- CWE-272: CWE-272: Least Privilege Violation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://r.sec-consult.com/dormakaba
- https://r.sec-consult.com/dkaccess
- https://www.dormakabagroup.com/en/security-advisories
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.