Security News

Cybersecurity news aggregator

🔓
HIGH Vulnerabilities NIST NVD

CVE-2025-59109: The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. T...

cve-2025-59109dormakabainformation-disclosurehardware-hackingpin-pad
Dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside, allowing an attacker to exfiltrate PINs. An attacker can remove the device, install a hardware implant, and exfiltrate the data exposed via UART to another system.
Read Full Article →

The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi).

Related Articles

LOW No Legs, No Problem: Dumping BGA MCP NAND Flash Reddit r/netsec CRITICAL CVE-2025-59098: The Access Manager is offering a trace functionality to debug errors and issues with the device. The... NIST NVD HIGH CVE-2025-59107: Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers ... NIST NVD HIGH ZeroDayRAT malware grants full access to Android, iOS devices BleepingComputer
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn