CVE-2025-59106

CVE-2025-59106: Web Server Running with Root Privileges in dormakaba access manager

Vendor Dormakaba
Product Access Manager 92xx-k7
Weakness CWE-272
Published January 26, 2026
Last update January 27, 2026

CVSS base score

What the vulnerability does

01Description

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

Key dates

02Disclosure timeline

January 26, 2026 CVE published
January 27, 2026 Record updated