HIGH🇵🇱 Wersja polska

CVE-2025-59106

CVSS 8.8v3.1pub. 2026-01-26upd. 2026-02-12

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dormakabagroup Dormakaba Access Manager 9200 K5

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9200 K5 Firmware

    OS
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9200 K7

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9200 K7 Firmware

    OS
    Dormakabagroup
    < bame_06.00
  • Dormakabagroup Dormakaba Access Manager 9230 K5

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9230 K5 Firmware

    OS
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9230 K7

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9230 K7 Firmware

    OS
    Dormakabagroup
    < bame_06.00
  • Dormakabagroup Dormakaba Access Manager 9290 K5

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9290 K5 Firmware

    OS
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9290 K7

    HW
    Dormakabagroup
    wszystkie wersje
  • Dormakabagroup Dormakaba Access Manager 9290 K7 Firmware

    OS
    Dormakabagroup
    < bame_06.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References