Security News

Cybersecurity news aggregator

🔓
HIGH Vulnerabilities NIST NVD

CVE-2025-59107: Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers ...

cve-2025-59107dormakabafirmware-extractioninformation-disclosure
CVE-2025-59107 details a vulnerability in Dormakaba's FWServiceTool, which is used to update Access Manager firmware. The tool uses a statically set password to decrypt firmware ZIP files, allowing attackers to extract the password and potentially compromise the Access Managers.
Read Full Article →

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.

Related Articles

CRITICAL CVE-2025-59098: The Access Manager is offering a trace functionality to debug errors and issues with the device. The... NIST NVD HIGH CVE-2025-59109: The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. T... NIST NVD
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn