CVE-2025-59107

Vulnerability Description

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.

Vulnerability Details

Published Date

January 26, 2026

Last Modified

January 26, 2026

CWE ID

CWE-798

Source

NVD

Vendor

dormakaba

Product

Access Manager 92xx-k5

External References

https://r.sec-consult.com/dkaccess
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories

CVE-2025-59107

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment