CVE-2025-59106

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

26/01/2026

Last modified:

26/01/2026

Description

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.

Impact

References to Advisories, Solutions, and Tools

https://r.sec-consult.com/dkaccess
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories