The vulnerability identified as CVE-2024-58311 affects the dormakaba Saflok System 6000, a widely used electronic access control system. The root cause is an improper finite state machine (FSM) implementation in the hardware logic, specifically a predictable key generation algorithm. This algorithm deterministically generates card access keys from a 32-bit unique identifier assigned to each card. Because the key generation is predictable and based on a simple mathematical transformation, an attacker who obtains or guesses the unique identifier can compute valid access keys without needing any privileged access or user interaction. This breaks the fundamental security assumption that card keys are secret and random. The vulnerability is classified under CWE-1245, which relates to improper FSM design leading to security weaknesses. The CVSS 4.0 vector indicates the attack can be performed remotely (AV:A - adjacent network), requires low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high (VC:H, VI:H, VA:H), as unauthorized access can compromise physical security, allow tampering, or denial of service by unauthorized entry. Although no exploits are currently reported in the wild, the deterministic nature of the key generation algorithm makes it straightforward to develop exploits. The affected product version is unspecified, suggesting all current versions may be vulnerable until patched. The vulnerability was published on December 12, 2025, indicating recent discovery. Dormakaba is a major global provider of access control solutions, and the Saflok System 6000 is deployed in various sectors including hospitality, corporate offices, and critical infrastructure.

For European organizations, this vulnerability poses a significant risk to physical security controls. Unauthorized access to facilities protected by the Saflok System 6000 could lead to theft, espionage, sabotage, or safety incidents. Critical infrastructure facilities such as data centers, government buildings, and transportation hubs using these locks could be compromised, impacting operational continuity and regulatory compliance. The high impact on confidentiality, integrity, and availability means attackers could not only gain entry but also potentially manipulate access logs or disable locks. The ease of exploitation without authentication or user interaction increases the likelihood of attacks, especially in environments where attackers can access adjacent networks or obtain card identifiers. This vulnerability undermines trust in electronic access control systems and could lead to increased costs for incident response, physical security upgrades, and potential legal liabilities under European data protection and security regulations.

Immediate mitigation should focus on physical and procedural controls: restrict network access to the Saflok System 6000 devices to trusted administrators only, implement enhanced monitoring and logging of access attempts, and conduct physical security audits to detect unauthorized entries. Organizations should engage with dormakaba to obtain firmware or hardware patches addressing the key generation flaw. If patches are unavailable, consider replacing vulnerable locks with alternative systems that use cryptographically secure key generation. Deploy multi-factor authentication for physical access where possible, such as combining card access with PIN codes or biometric verification. Educate security personnel about the vulnerability and signs of exploitation. Regularly review and update access control policies to minimize risk exposure. For high-security environments, consider additional physical barriers and intrusion detection systems as compensating controls until the vulnerability is fully remediated.