CVE-2025-59109
📋 TL;DR
The dormakaba PIN Pad Units 9002 have an exposed UART hardware interface that transmits every button press, including PIN codes, in plaintext. An attacker with physical access can install a hardware implant to intercept PINs. This affects organizations using these specific PIN pad devices for access control.
💻 Affected Systems
- dormakaba registration units 9002 (PIN Pad Units)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of physical security systems, unauthorized access to secured areas, theft of sensitive assets, and potential safety risks.
Likely Case
PIN code theft leading to unauthorized physical access to controlled areas, potentially enabling theft or surveillance.
If Mitigated
Limited impact if devices are physically secured and monitored, though the fundamental vulnerability remains.
🎯 Exploit Status
Exploitation requires physical access and hardware skills to install an implant, but detailed technical information is publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://www.dormakabagroup.com/en/security-advisories
Restart Required: No
Instructions:
No software patch available. Contact dormakaba for hardware replacement options or mitigation guidance.
🔧 Temporary Workarounds
Physical Security Enhancement
Secure devices in tamper-evident enclosures and monitor for physical tampering.
UART Port Disable/Protection
If technically feasible, disable UART output or physically cover/protect the UART header.
🧯 If You Can't Patch
- Implement strict physical access controls and surveillance around PIN pad installations
- Consider replacing vulnerable units with updated hardware models if available from vendor
🔍 How to Verify
Check if Vulnerable:
Physically inspect the back of the device for an exposed UART header (typically 4 pins). Confirm whether button presses are transmitted over UART by connecting a serial monitor to the header.
Check Version:
N/A - Hardware vulnerability not version-dependent
Verify Fix Applied:
Verify UART header is physically covered/disabled or device has been replaced with secure model.
📡 Detection & Monitoring
Log Indicators:
- Physical tampering alerts
- Access control system anomalies
- Unexpected access patterns
Network Indicators:
- Wireless signals from unauthorized devices near PIN pads (if implant uses WiFi)
SIEM Query:
Search for physical security system alerts, access control anomalies, or wireless device detection near secure areas