ГлавнаяУязвимости → CVE-2025-59106
8.8высокая

CVE-2025-59106

Описание

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

Затрагиваемое ПО
Dormakabagroup Dormakaba access manager 9200-k7 firmwareDormakabagroup Dormakaba access manager 9200-k7Dormakabagroup Dormakaba access manager 9230-k7 firmwareDormakabagroup Dormakaba access manager 9230-k7Dormakabagroup Dormakaba access manager 9290-k7 firmwareDormakabagroup Dormakaba access manager 9290-k7Dormakabagroup Dormakaba access manager 9200-k5 firmwareDormakabagroup Dormakaba access manager 9200-k5Dormakabagroup Dormakaba access manager 9230-k5 firmwareDormakabagroup Dormakaba access manager 9230-k5Dormakabagroup Dormakaba access manager 9290-k5 firmwareDormakabagroup Dormakaba access manager 9290-k5
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://r.sec-consult.com/dkaccesshttps://r.sec-consult.com/dormakabahttps://www.dormakabagroup.com/en/security-advisories