CVE-2025-59107
Static Password Disclosure in Dormakaba FWServiceTool Firmware Updates
Publication date: 2026-01-26
Last updated on: 2026-01-26
Assigner: SEC Consult Vulnerability Lab
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dormakaba | fwservicetool | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Dormakaba FWServiceTool, the software used to update the firmware of Access Managers over the network. Firmware updates are sometimes delivered as a password-protected (encrypted) ZIP archive, but the password needed to decrypt that archive is hard-coded in the tool and can be recovered from it. Anyone who obtains the static password can decrypt the firmware files of multiple firmware versions.
How can this vulnerability impact me?
An attacker who recovers the static password can decrypt the firmware files, which opens the way to analysing, modifying, or replacing firmware updates. This could lead to the installation of unauthorized firmware, undermining the security and integrity of the Access Managers and potentially enabling further attacks or unauthorized access.