CVE-2025-59106

Summary

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

Affected Software

VendorProductVersion RangeStatus
dormakabaAccess Manager 92xx-k792xx-k7: <BAME 06.00affected

Weaknesses

  • CWE-272: CWE-272: Least Privilege Violation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References