"Open sesame": Critical vulnerabilities in dormakaba physical access control system enable unlocking arbitrary doors

CVE-2025-59109: The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. T...

CVE-2025-59107: Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers ...

CVE-2025-59098: The Access Manager is offering a trace functionality to debug errors and issues with the device. The...

CVE-2025-59097: The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The c...