Security Flaw in Dormakaba K7 and K5 Models Exposes Sensitive Data
CVE-2025-59105

7HIGH

Key Information:

Vendor

Dormakaba

Status
Access Manager 92xx-k5
Access Manager 92xx-k7
Vendor
CVE Published:
26 January 2026

What is CVE-2025-59105?

This vulnerability allows an attacker with physical access to Dormakaba's K7 and K5 models to manipulate critical components due to absent encryption measures. In the K7 model, the attacker can tamper with flash memory, leading to unauthorized modifications of sensitive files, including user credentials and cryptographic keys, thereby granting SSH root access. In the K5 model, the plain-text password for the Access Manager can be extracted from the SQLite database, elevating the risk of unauthorized access to security controls.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Access Manager 92xx-k5 92xx-K5: All versions

Access Manager 92xx-k7 92xx-K7: <BAME 06.00

References

https://r.sec-consult.com/dormakaba
technical-description
https://r.sec-consult.com/dkaccess
third-party-advisory
https://www.dormakabagroup.com/en/security-advisories
vendor-advisory

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Clemens Stockenreitner, SEC Consult Vulnerability Lab
Werner Schober, SEC Consult Vulnerability Lab
JSON
.