CVE-2025-59102 MEDIUM

CVE-2025-59102: Secrets Stored in Plaintext in Database in dormakaba access manager

Vendor Dormakaba
Product Access Manager 92xx-k5
Weakness CWE-312 · Cleartext storage
Published January 26, 2026
Last update January 26, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with the fact that an attacker can easily get access to the backup functionality by abusing the session management issue (CVE-2025-59101), or by exploiting the weak default password (CVE-2025-59108), or by simply setting a new password without prior authentication via the SOAP API (CVE-2025-59097), it is easily possible to access the sensitive data on the device.

Key dates

02Disclosure timeline

January 26, 2026 CVE published
January 26, 2026 Record updated