{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T08:43:02.186","vulnerabilities":[{"cve":{"id":"CVE-2025-59106","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2026-01-26T10:16:08.513","lastModified":"2026-02-12T15:54:17.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The binary that serves the web server and executes essentially all actions launched from the Web UI runs with root privileges. This violates the principle of least privilege. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands with the highest privileges."},{"lang":"es","value":"El binario que sirve al servidor web y que ejecuta prácticamente todas las acciones lanzadas desde la interfaz de usuario web se está ejecutando con privilegios de root. Esto va en contra del principio de mínimo privilegio. Si un atacante es capaz de ejecutar código en el sistema a través de otras vulnerabilidades, es posible ejecutar comandos directamente con los privilegios más 
altos."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-272"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"bame_06.00","matchCriteriaId":"677FDE80-CB98-4CAA-BAEA-B75CD903CE15"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k7:-:*:*:*:*:*:*:*","matchCriteriaId":"625A7698-8C85-443A-8234-3378335CF871"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"bame_06.00","matchCriteriaId":"88F6324C-CCC1-4B42-8BE7-5D64EC43F27D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k7:-:*:*:*:*:*:*:*","matchCriteriaId":"706730A1-C200-40FA-A7F0-153DAC88128A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k7_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"bame_06.00","matchCriteriaId":"ECF1C26D-A592-46F3-996F-28E92C96F6BE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dormaka
bagroup:dormakaba_access_manager_9290-k7:-:*:*:*:*:*:*:*","matchCriteriaId":"56E30693-0FCA-4568-A2E8-C9D3C8D4E682"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9200-k5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"533DF243-A900-46D3-85EE-C898716A1AE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9200-k5:-:*:*:*:*:*:*:*","matchCriteriaId":"51D3E658-5FA5-4C38-85B1-05D914AC973F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9230-k5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A10552E6-7CC9-43DA-9020-DA344B92D50F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9230-k5:-:*:*:*:*:*:*:*","matchCriteriaId":"926B0276-D7C3-4099-AD6D-C63B860A57F4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dormakabagroup:dormakaba_access_manager_9290-k5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4F36B37E-5048-4EB2-9B0B-3A1607ABD7D5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dormakabagroup:dormakaba_access_manager_9290-k5:-:*:*:*:*:*:*:*","matchCriteriaId":"7B8FCD3D-0E03-4ACA-884C-540866A4B7B9"}]}]}],"references":[{"url":"https://r.sec-consult.com/dkaccess","source":"551230f0-3615-47bd-b7cc-93e92e730bbf","tags":["Third Party Advisory"]},{"url":"https://r.sec-consult.com/dormakaba","source":"551230f0-3615-47bd-b7cc-93e92e730bbf","tags":["Third Party Advisory"]},{"url":"https://www.dormakabagroup.com/en/security-advisories","source":"551230f0-3615-47bd-b7cc-93e92e730bbf","tags":["Vendor Advisory"]}]}}]}