Description

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.

PUBLISHED Reserved 2025-09-09 | Published 2026-01-26 | Updated 2026-01-26 | Assigner SEC-VLab




HIGH: 8.5 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

Default status: affected

All versions: affected

Credits

Clemens Stockenreitner, SEC Consult Vulnerability Lab (finder)

Werner Schober, SEC Consult Vulnerability Lab (finder)

References

r.sec-consult.com/dormakaba (technical-description)

r.sec-consult.com/dkaccess (third-party-advisory)

www.dormakabagroup.com/en/security-advisories (vendor-advisory)

cve.org (CVE-2025-59107)

nvd.nist.gov (CVE-2025-59107)
