Skip to main content

CVE-2025-59107

Use of Hard-coded Credentials (CWE-798)
2026-01-26 551230f0-3615-47bd-b7cc-93e92e730bbf

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 26, 2026 - 10:16 nvd
N/A

DescriptionCVE.org

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.

AnalysisAI

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file.

Technical ContextAI

Classified as CWE-798 (Use of Hard-coded Credentials). Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions.

Affected ProductsAI

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2025-59107 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy