8.8
CVE-2025-59106
- EPSS 0.68%
- Veröffentlicht 26.01.2026 10:06:13
- Zuletzt bearbeitet 12.02.2026 15:54:17
- Quelle 551230f0-3615-47bd-b7cc-93e92e
- CVE-Watchlists
- Unerledigt
LoginWeb Server Running with Root Privileges in dormakaba access manager
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dormakabagroup ≫ Dormakaba Access Manager 9200-k7 Firmware Version < bame_06.00
Dormakabagroup ≫ Dormakaba Access Manager 9230-k7 Firmware Version < bame_06.00
Dormakabagroup ≫ Dormakaba Access Manager 9290-k7 Firmware Version < bame_06.00
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.477 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-272 Least Privilege Violation
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories
https://r.sec-consult.com/dkaccess