CVE-2025-59100
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2025-59099
The Access Manager is using the open source web server CompactWebServer written in C. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...
CVE-2025-59102
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
CVE-2025-59093
Exos 9300 instances use a randomly generated database password to connect to the configured MSSQL server. The password is derived from static values concatenated with the hostname and a random string that every user can read from the registry. This allows an attacker t...
CVE-2025-59105
CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...
EUVD-2025-206374
With physical access to the device and enough time, an attacker can desolder the flash memory, modify it and then reinstall it, because the flash contents are not encrypted. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
EUVD-2025-206369
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
CVE-2025-59102
The CVE-2025-59102 entry concerns the Access Manager web server’s backup-download functionality, which can expose the device’s entire configuration including unencrypted PINs and MIFARE keys. Connected Red Hat CVEs clarify the adjacent issues: CVE-2025-59101 allows an attacker to bypass session m...
CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
CVE-2025-59100
CVE-2025-59100 affects dormakaba access manager. The web interface allows exporting the internal SQLite database; after export an automatic download starts and the device reboots, at which point the exported database is deleted. In some cases the device does not reboot or the export is not delete...
CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
EUVD-2025-206364
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
EUVD-2025-206363
The Access Manager is using the open source web server CompactWebServer written in C. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...
CVE-2025-59099 Unauthenticated Path Traversal in dormakaba access manager
The Access Manager is using the open source web server CompactWebServer written in C. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...
EUVD-2025-206357
The program library DLLs and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...