CVE-2025-59103
Unknown Unknown - Not Provided
Hardcoded Weak SSH Passwords in Access Manager 92xx K

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description
The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users with hardcoded and weak passwords that can be used to access the devices via SSH. The passwords can be also guessed very easily. The password of at least one user is set to a random value after the first deployment, with the restriction that the password is only randomized if the configured date is prior to 2022. Therefore, under certain circumstances, the passwords are not randomized. For example, if the clock is never set on the device, the battery of the clock module has been changed, the Access Manager has been factory reset and has not received a time yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59103
EUVD
EUVD-2025-206370
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
dormakaba access_manager to BAME_06.00 (exc)
dormakaba access_manager to XAMB_04.06.212 (exc)
dormakaba access_manager to XAMB_04.05.21 (exc)
dormakaba access_manager to BAME_04.05.16 (exc)
dormakaba access_manager to BAME_05.01.88 (exc)
dormakaba access_manager to BAME_04.07.268 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1391 The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Access Manager 92xx hardware revision K7, which runs Linux instead of Windows CE like older versions. An SSH service is exposed on port 22 with two users having hardcoded and weak passwords that can be easily guessed. Although one user's password is randomized after deployment if the device's configured date is before 2022, this randomization may not occur if the device clock is never set, the clock battery is changed, or the device is factory reset without receiving a time. This allows unauthorized access via SSH using weak or predictable credentials.

Impact Analysis

This vulnerability can allow unauthorized attackers to gain SSH access to the device due to weak or hardcoded passwords. This unauthorized access could lead to compromise of the device, unauthorized control, data exposure, or disruption of services provided by the Access Manager 92xx device.

Detection Guidance

This vulnerability can be detected by scanning for devices exposing SSH service on port 22, specifically Access Manager 92xx hardware revision K7 devices. You can use network scanning tools like nmap to identify devices with port 22 open. For example, the command `nmap -p 22 <target-ip>` can be used to check if SSH is accessible. Additionally, attempting to SSH into the device using the known hardcoded usernames and weak or default passwords can help confirm the vulnerability.

Mitigation Strategies

Immediate mitigation steps include changing the default or hardcoded passwords on the affected devices to strong, unique passwords. Ensure that the device's clock is correctly set to trigger password randomization if applicable. If possible, restrict SSH access to trusted networks or IP addresses and consider disabling SSH if it is not required. Applying any available firmware updates or patches from the vendor is also recommended.

Compliance Impact

The vulnerability allows unauthorized access to physical access control systems, enabling attackers to unlock doors, reconfigure devices, and extract sensitive data such as card IDs and PINs. This unauthorized access and potential data exposure could lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive personal data and secure access controls. The exposure of sensitive authentication data and the ability to bypass security controls undermine the confidentiality and integrity requirements mandated by these regulations. Therefore, exploitation of this vulnerability poses significant risks to compliance with such standards. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59103. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart