CVE-2025-59104 is a hardware-level vulnerability affecting dormakaba Access Manager 92xx-k7 devices with firmware versions earlier than BAME 06.00. The vulnerability arises from internal or debug modes that allow overriding device locks when an attacker has physical access. Specifically, the attacker can solder test leads onto the debug footprint or connect via a 6-pin tag-connect cable to access the bootloader. Once in the bootloader, the attacker can alter the kernel command line parameters, enabling them to spawn a root shell without any authentication. This root shell access grants full control over the device, allowing the attacker to bypass all security mechanisms, potentially disabling or manipulating access control functions. The CVSS 4.0 score is 7.0 (high severity), reflecting the need for physical access but no authentication or user interaction. The vulnerability impacts confidentiality (unauthorized access), integrity (device control manipulation), and availability (potential device disablement). No patches or known exploits currently exist, but the attack requires specialized hardware skills and time to execute. This vulnerability is classified under CWE-1234, indicating issues with hardware internal or debug modes that allow security bypasses.

For European organizations, this vulnerability poses significant risks to physical security and operational continuity. Dormakaba Access Manager 92xx-k7 devices are commonly used in commercial buildings, government facilities, and critical infrastructure sectors. An attacker exploiting this vulnerability could gain unauthorized physical access, potentially leading to theft, espionage, or sabotage. The root shell access allows attackers to disable alarms, alter access logs, or create persistent backdoors. This undermines trust in physical access controls and could lead to regulatory non-compliance, especially under GDPR and NIS Directive requirements for security of critical infrastructure. The requirement for physical access limits remote exploitation but raises concerns about insider threats or attackers gaining entry through social engineering or other means. The absence of patches means organizations must rely on physical security and monitoring until a fix is available. The impact extends beyond individual devices to the broader security posture of facilities relying on these systems.

1. Enforce strict physical security controls to prevent unauthorized access to dormakaba devices, including surveillance, access restrictions, and tamper-evident seals. 2. Regularly inspect devices for signs of tampering such as soldering or cable attachments. 3. Implement environmental monitoring to detect physical intrusion attempts near access control hardware. 4. Segregate access control devices on isolated networks to limit potential lateral movement if compromised. 5. Maintain an inventory of all affected devices and prioritize upgrades once patches or firmware updates become available from dormakaba. 6. Engage with dormakaba support to obtain timelines for patches or mitigations. 7. Train security personnel to recognize and respond to physical tampering attempts. 8. Consider deploying additional layers of authentication or multi-factor access controls to reduce reliance on vulnerable hardware. 9. Monitor access logs and device behavior for anomalies that may indicate compromise. 10. Develop incident response plans specific to physical device compromise scenarios.