CVE-2025-59103
📋 TL;DR
This vulnerability allows attackers to gain SSH access to Dormakaba Access Manager 92xx devices (hardware revision K7) using hardcoded weak credentials. The passwords may not be randomized if device clocks are unset or set before 2022. Organizations using these physical access control systems are affected.
💻 Affected Systems
- Dormakaba Access Manager 92xx
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of physical access control systems allowing unauthorized building entry, credential theft, and potential physical security breaches.
Likely Case
Unauthorized SSH access leading to device configuration changes, surveillance bypass, or denial of service to legitimate users.
If Mitigated
Limited impact with proper network segmentation, strong authentication, and monitoring preventing successful exploitation.
🎯 Exploit Status
Exploitation requires SSH access with known weak credentials. No public exploit code needed as standard SSH tools work.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://www.dormakabagroup.com/en/security-advisories
Restart Required: No
Instructions:
1. Consult vendor advisory for firmware updates.
2. Ensure device clock is properly set to current date.
3. Change default SSH credentials immediately.
🔧 Temporary Workarounds
Disable SSH Service
Linux: Turn off SSH service if not required for operations
systemctl stop ssh
systemctl disable ssh
Firewall Restriction
Linux: Block SSH port 22 from untrusted networks (a bare DROP rule blocks all inbound SSH, including your own management hosts, so add an ACCEPT for the management subnet ahead of it; 192.0.2.0/24 below is a placeholder to replace with your own range)
iptables -A INPUT -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
🧯 If You Can't Patch
- Isolate affected devices in separate VLAN with strict access controls
- Implement network monitoring for SSH brute force attempts to port 22
🔍 How to Verify
Check if Vulnerable:
Check hardware revision (should be K7) and attempt SSH login with known default credentials if clock is unset/pre-2022
Check Version:
Check device hardware label for revision K7 or consult vendor documentation
Verify Fix Applied:
Verify SSH service is disabled or port 22 is blocked, and new strong credentials are required
📡 Detection & Monitoring
Log Indicators:
- Failed SSH login attempts
- Successful SSH logins from unusual IPs
- Authentication failures in system logs
Network Indicators:
- SSH traffic to port 22 from unexpected sources
- Brute force patterns to port 22
SIEM Query:
source="ssh_logs" (event="Failed password" OR event="Accepted password") | stats count by src_ip
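The SIEM query above counts SSH authentication events per source IP. As an added example (not from the original page, the vendor or NVD), the Python below does the same thing offline against constructed sshd log lines and then applies the page's three indicators: repeated failures from one source, a successful login from an address outside a management allowlist, and a success that follows failures from the same address. The log lines, host name, IP addresses and the allowlist are all made up for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth.log lines (not captured from any real device);
# the message format follows common OpenSSH sshd wording.
SAMPLE_LOG = """\
Sep 10 08:01:12 am92xx sshd[1201]: Failed password for root from 10.20.30.40 port 51000 ssh2
Sep 10 08:01:14 am92xx sshd[1201]: Failed password for root from 10.20.30.40 port 51002 ssh2
Sep 10 08:01:16 am92xx sshd[1201]: Failed password for admin from 10.20.30.40 port 51004 ssh2
Sep 10 08:01:19 am92xx sshd[1203]: Accepted password for root from 10.20.30.40 port 51006 ssh2
Sep 10 09:15:02 am92xx sshd[1310]: Accepted password for admin from 192.168.5.10 port 40211 ssh2
Sep 10 09:30:44 am92xx sshd[1322]: Failed password for invalid user test from 203.0.113.7 port 33333 ssh2
"""

# Matches both outcomes the SIEM query looks for; "invalid user" is optional
# because sshd inserts it when the account does not exist.
SSH_AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<event>Failed password|Accepted password) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port \d+"
)


def parse_ssh_events(text):
    """Return a list of dicts (event, user, src_ip) for every matching log line."""
    events = []
    for line in text.splitlines():
        m = SSH_AUTH_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def count_by_src_ip(events):
    """Offline equivalent of `stats count by src_ip`, split by outcome."""
    counts = defaultdict(Counter)
    for e in events:
        counts[e["src_ip"]][e["event"]] += 1
    return {ip: dict(c) for ip, c in counts.items()}


def flag_suspicious(counts, allowed_src, fail_threshold=3):
    """Apply the page's indicators to the per-IP counts.

    allowed_src: set of management-host IPs from which SSH logins are expected
                 (an assumption of this example; maintain it per site).
    Returns (src_ip, finding, count) tuples.
    """
    findings = []
    for ip, c in counts.items():
        failed = c.get("Failed password", 0)
        accepted = c.get("Accepted password", 0)
        if failed >= fail_threshold:
            findings.append((ip, "brute_force", failed))
        if accepted and ip not in allowed_src:
            findings.append((ip, "success_from_unexpected_source", accepted))
        if accepted and failed:
            findings.append((ip, "success_after_failures", failed))
    return findings


if __name__ == "__main__":
    counts = count_by_src_ip(parse_ssh_events(SAMPLE_LOG))
    for ip, c in counts.items():
        print(ip, c)
    for ip, kind, n in flag_suspicious(counts, {"192.168.5.10"}):
        print(f"ALERT {ip}: {kind} ({n})")
```

The threshold of three failures is deliberately low for the sample; on a real collector, tune it to the device population and feed the findings into the same alerting path as the SIEM query, since a success following a burst of failures against a device with possibly unrandomized credentials is the event worth paging on.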