CVE-2025-59100

N/A Unknown

📋 TL;DR

This vulnerability allows unauthenticated attackers to access sensitive SQLite database exports containing passwords, PINs, and encryption keys. The flaw occurs when database export files aren't properly deleted after device reboots. Organizations using affected Dormakaba access control systems are at risk.

💻 Affected Systems

Products:
  • Dormakaba access control systems with web interface
Versions: Specific versions not disclosed in advisory
Operating Systems: Embedded systems running web interface
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the database export functionality enabled. The vulnerability manifests when automatic deletion fails after reboot.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of access control systems with theft of all credentials, PINs, and encryption keys, enabling physical security bypass and credential reuse attacks.

🟠 Likely Case

Unauthenticated attackers accessing sensitive database exports containing user credentials and access control data.

🟢 If Mitigated

Limited exposure if proper network segmentation and authentication controls prevent access to the export directory.

🌐 Internet-Facing: HIGH - The vulnerability requires no authentication and affects web interfaces that may be internet-facing.
🏢 Internal Only: HIGH - Even internally, unauthenticated access to sensitive database exports poses significant risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires accessing the export directory path without authentication when database files persist due to reboot failures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory

Vendor Advisory: https://www.dormakabagroup.com/en/security-advisories

Restart Required: Yes

Instructions:

  1. Check vendor advisory for specific patch information.
  2. Apply vendor-provided firmware/software updates.
  3. Reboot affected devices after patching.
  4. Verify database export functionality is secured.

🔧 Temporary Workarounds

  • Disable database export functionality (all platforms): Temporarily disable the database export feature in web interface settings
  • Implement authentication on export directory (all platforms): Configure web server to require authentication for the database export directory path

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks using firewalls and VLAN segmentation
  • Implement strict access controls and monitoring for the web interface and export directory paths

🔍 How to Verify

Check if Vulnerable:

Attempt to access the database export directory path without authentication after performing a database export operation

Check Version:

Check web interface or device firmware version against vendor advisory

Verify Fix Applied:

Verify that authentication is required to access export directory and that exported files are properly deleted after reboot

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to database export paths
  • Database export operations followed by failed reboot events

Network Indicators:

  • HTTP requests to database export directory paths without authentication headers

SIEM Query:

source="web_logs" AND (uri CONTAINS "/export/" OR uri CONTAINS "database") AND auth_status="failed"
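
The query above only matches failed authentication, while the exposure described here is a request with no authentication that succeeds. The following added example (not from the vendor or the advisory) goes one step further and separates served, blocked and probing requests. It assumes the web interface writes Apache/NGINX combined-format access logs, reuses the `/export/` and `database` substrings from the query as path markers because the real export path is not given on this page, and runs on constructed log lines.

```python
import re

# Combined Log Format: host ident user [time] "METHOD uri proto" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Substrings taken from the page's SIEM query; the device's real export path is an assumption.
EXPORT_MARKERS = ("/export/", "database")

def classify(line):
    """Return (verdict, host, uri) for an unauthenticated export-path request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = m["uri"].lower()
    if not any(marker in uri for marker in EXPORT_MARKERS):
        return None
    if m["user"] != "-":
        return None  # request carried an authenticated user name
    status = int(m["status"])
    if 200 <= status < 300:
        verdict = "EXPOSED"   # content served with no authentication
    elif status in (401, 403):
        verdict = "BLOCKED"   # access control rejected the request
    else:
        verdict = "PROBE"     # e.g. 404: path requested, nothing served
    return verdict, m["host"], m["uri"]

def scan(lines):
    """Classify every line and keep only the unauthenticated export-path hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (file names and addresses are illustrative only).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /export/backup.db HTTP/1.1" 200 52480',
    '192.0.2.11 - admin [01/Jan/2025:10:01:00 +0000] "GET /export/backup.db HTTP/1.1" 200 52480',
    '192.0.2.12 - - [01/Jan/2025:10:02:00 +0000] "GET /export/backup.db HTTP/1.1" 401 0',
    '192.0.2.13 - - [01/Jan/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.14 - - [01/Jan/2025:10:04:00 +0000] "GET /database/dump HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for verdict, host, uri in scan(SAMPLE):
        print(f"{verdict:8} {host:15} {uri}")
```

If the interface authenticates with session cookies instead of HTTP authentication, the user field is always `-`, so correlate hits with the application's session log before treating them as unauthenticated.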
