{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-59106","assignerOrgId":"551230f0-3615-47bd-b7cc-93e92e730bbf","state":"PUBLISHED","assignerShortName":"SEC-VLab","dateReserved":"2025-09-09T07:53:12.879Z","datePublished":"2026-01-26T10:06:13.702Z","dateUpdated":"2026-01-27T18:44:41.817Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Access Manager 92xx-k7","vendor":"dormakaba","versions":[{"status":"affected","version":"92xx-k7: <BAME 06.00"}]}],"credits":[{"lang":"en","type":"finder","value":"Clemens Stockenreitner, SEC Consult Vulnerability Lab"},{"lang":"en","type":"finder","value":"Werner Schober, SEC Consult Vulnerability Lab"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands with the highest privileges. <br>"}],"value":"The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands with the highest privileges."}],"impacts":[{"capecId":"CAPEC-234","descriptions":[{"lang":"en","value":"CAPEC-234: Hijacking a privileged process"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-272","description":"CWE-272: Least Privilege Violation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"551230f0-3615-47bd-b7cc-93e92e730bbf","shortName":"SEC-VLab","dateUpdated":"2026-01-26T10:06:13.702Z"},"references":[{"tags":["technical-description"],"url":"https://r.sec-consult.com/dormakaba"},{"tags":["third-party-advisory"],"url":"https://r.sec-consult.com/dkaccess"},{"tags":["vendor-advisory"],"url":"https://www.dormakabagroup.com/en/security-advisories"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA.<br>"}],"value":"To secure the devices from unauthorized access, it is highly recommended to change the default password and update to at least firmware version BAME 06.00.x RA."}],"source":{"discovery":"EXTERNAL"},"title":"Web Server Running with Root Privileges in dormakaba access manager","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-01-27T18:44:35.148811Z","id":"CVE-2025-59106","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-27T18:44:41.817Z"}}]}}