{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59106", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2025-09-09T07:53:12.879Z", "datePublished": "2026-01-26T10:06:13.702Z", "dateUpdated": "2026-01-27T18:44:41.817Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Access Manager 92xx-k7", "vendor": "dormakaba", "versions": [{"status": "affected", "version": "92xx-k7: <BAME 06.00"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Werner Schober, SEC Consult Vulnerability Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. <br>"}], "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234: Hijacking a privileged process"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-272", "description": "CWE-272: Least Privilege Violation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-01-26T10:06:13.702Z"}, "references": [{"tags": ["technical-description"], "url": "https://r.sec-consult.com/dormakaba"}, {"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/dkaccess"}, {"tags": ["vendor-advisory"], "url": "https://www.dormakabagroup.com/en/security-advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.<br>"}], "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA."}], "source": {"discovery": "EXTERNAL"}, "title": "Web Server Running with Root Privileges in dormakaba access manager", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T18:44:35.148811Z", "id": "CVE-2025-59106", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T18:44:41.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-59106", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T18:44:35.148811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T18:44:28.259Z"}}], "cna": {"title": "Web Server Running with Root Privileges in dormakaba access manager", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Clemens Stockenreitner, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Werner Schober, SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234: Hijacking a privileged process"}]}], "affected": [{"vendor": "dormakaba", "product": "Access Manager 92xx-k7", "versions": [{"status": "affected", "version": "92xx-k7: <BAME 06.00"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.", "supportingMedia": [{"type": "text/html", "value": "To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.<br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/dormakaba", "tags": ["technical-description"]}, {"url": "https://r.sec-consult.com/dkaccess", "tags": ["third-party-advisory"]}, {"url": "https://www.dormakabagroup.com/en/security-advisories", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.", "supportingMedia": [{"type": "text/html", "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges. <br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-272", "description": "CWE-272: Least Privilege Violation"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2026-01-26T10:06:13.702Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59106", "state": "PUBLISHED", "dateUpdated": "2026-01-27T18:44:41.817Z", "dateReserved": "2025-09-09T07:53:12.879Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2026-01-26T10:06:13.702Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges."}], "id": "CVE-2025-59106", "lastModified": "2026-01-27T19:16:11.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-26T10:16:08.513", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/dkaccess"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/dormakaba"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://www.dormakabagroup.com/en/security-advisories"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-272"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}