HIGH🇬🇧 English

CVE-2025-59106

CVSS 8.8v3.1pub. 2026-01-26upd. 2026-02-12

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dormakabagroup Dormakaba Access Manager 9200 K5

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9200 K5 Firmware

    OS
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9200 K7

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9200 K7 Firmware

    OS
    Dormakabagroup
    < bame_06.00
  • Dormakabagroup Dormakaba Access Manager 9230 K5

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9230 K5 Firmware

    OS
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9230 K7

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9230 K7 Firmware

    OS
    Dormakabagroup
    < bame_06.00
  • Dormakabagroup Dormakaba Access Manager 9290 K5

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9290 K5 Firmware

    OS
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9290 K7

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9290 K7 Firmware

    OS
    Dormakabagroup
    < bame_06.00
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje