CVE-2025-59106
Published: 26 January 2026
Summary
CVE-2025-59106 is a high-severity Least Privilege Violation (CWE-272) vulnerability in Dormakabagroup Dormakaba Access Manager 9200-K7 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-6 directly enforces least privilege, preventing the web server binary from running with root privileges and blocking escalation from code execution vulnerabilities.
CM-6 establishes secure configuration settings to run the binary under a non-root account with minimal privileges required for Web UI actions.
CM-7 restricts the binary to least functionality, reducing the need for root privileges and limiting compromise impact if initial code execution occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a least-privilege violation where a web-server binary runs as root; this directly enables privilege escalation (T1068) once an attacker obtains any form of code execution via another vulnerability.
NVD Description
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via…
more
other vulnerabilities it is possible to directly execute commands with highest privileges.
Deeper analysisAI
CVE-2025-59106, published on 2026-01-26, is a least privilege violation (CWE-272) with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It affects the binary in dormakaba access control systems, such as dkaccess, that serves the web server and executes actions initiated from the Web UI. This binary runs with root privileges, contravening the principle of least privilege and enabling potential escalation if initial code execution is achieved through other vulnerabilities.
An attacker with low privileges, such as an authenticated user with network access, can exploit this issue in conjunction with another vulnerability that allows code execution on the system. Successful exploitation grants direct execution of commands with root privileges, resulting in high-impact compromise of confidentiality, integrity, and availability.
Mitigation details are available in advisories from SEC Consult (https://r.sec-consult.com/dkaccess, https://r.sec-consult.com/dormakaba) and dormakaba (https://www.dormakabagroup.com/en/security-advisories).
Details
- CWE(s)