CVE-2025-59109: CWE-1295: Debug Messages Revealing Unnecessary Information in dormakaba dormakaba registration unit 9002
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi).
AI Analysis
Technical Summary
CVE-2025-59109 identifies a vulnerability in the dormakaba registration unit 9002 PIN pads, where an exposed UART header on the device's backside transmits every button press, including sensitive PIN entries, in clear text. This hardware debug interface was intended for development but remains accessible in production devices, leaking critical input data. The vulnerability is classified under CWE-1295, indicating debug messages revealing unnecessary information. An attacker with physical access can remove the PIN pad, install a hardware implant that connects to the UART interface, and exfiltrate PIN data wirelessly (e.g., via WiFi). The device's plug-and-play design facilitates easy removal and replacement, lowering the barrier for such attacks. The affected versions are those with firmware below SW0039. The CVSS 4.0 vector (AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) reflects that exploitation requires physical access but no privileges or authentication, with user interaction needed (pressing buttons). The vulnerability impacts confidentiality severely (PIN leakage), but integrity and availability are not affected. No patches are currently linked, and no exploits are known in the wild. This vulnerability poses a significant risk to environments relying on these PIN pads for secure authentication or access control, as compromised PINs can lead to unauthorized access.
Potential Impact
The primary impact is the compromise of PIN confidentiality, which can lead to unauthorized physical or logical access if attackers obtain valid credentials. Organizations using dormakaba registration unit 9002 PIN pads for access control, time attendance, or secure authentication may face increased risk of insider threats or external attackers gaining entry. The ease of physical removal and implant installation means that facilities with insufficient physical security controls are particularly vulnerable. While the vulnerability does not affect system integrity or availability directly, the loss of credential confidentiality can cascade into broader security breaches. The attack requires physical access, so environments with high foot traffic or less controlled hardware access points are at greater risk. The absence of known exploits in the wild suggests this is a latent threat, but the medium CVSS score reflects the realistic potential for exploitation in targeted attacks. The lack of firmware patches increases exposure duration. Organizations may also face compliance and reputational risks if PIN data is leaked.
Mitigation Recommendations
1. Enforce strict physical security controls around PIN pad devices to prevent unauthorized removal or tampering, including surveillance and tamper-evident seals.
2. Regularly inspect devices for signs of hardware implants or unauthorized modifications.
3. Restrict access to areas where PIN pads are installed to trusted personnel only.
4. Coordinate with dormakaba to obtain firmware updates beyond version SW0039 that address this vulnerability and apply them promptly.
5. Consider deploying additional authentication factors or alternative input methods that do not expose sensitive data via hardware interfaces.
6. Implement network monitoring to detect unusual wireless signals near PIN pad locations that could indicate data exfiltration attempts.
7. Educate staff on the risks of physical device tampering and encourage reporting of suspicious activity.
8. For new deployments, evaluate alternative devices that do not expose debug interfaces or sensitive input data.
9. If possible, disable or physically block access to the UART header on existing devices to prevent hardware implants.
10. Maintain an inventory of all PIN pad devices and their firmware versions to ensure timely vulnerability management.
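The firmware inventory check from the recommendations can be automated. The following is an added example, not dormakaba or vendor tooling: it flags units in the affected range stated above (firmware below SW0039) and treats missing or unparseable versions as needing review rather than as patched. The CSV layout, device IDs, locations and the assumption that firmware is recorded as "SW" followed by digits are all constructed for illustration.

```python
import csv
import io
import re

# First firmware release outside the affected range ("below SW0039"), per the advisory.
FIXED_VERSION = 39
# Assumption: the inventory records firmware as "SW" followed by digits, e.g. "SW0039".
VERSION_RE = re.compile(r"SW(\d+)", re.IGNORECASE)

# Constructed sample inventory; device IDs, locations and column names are illustrative.
SAMPLE_INVENTORY = """device_id,location,firmware
pad-001,Lobby east,SW0037
pad-002,Server room,SW0039
pad-003,Loading dock,sw0041
pad-004,Car park gate,
pad-005,Lab 2,v3.9
"""

def classify(firmware):
    """Return 'affected', 'ok' or 'unknown' for one firmware string."""
    match = VERSION_RE.fullmatch(firmware.strip())
    if not match:
        # Missing or unparseable versions are never treated as patched.
        return "unknown"
    return "affected" if int(match.group(1)) < FIXED_VERSION else "ok"

def audit(inventory_csv):
    """Group device IDs by status; 'affected' and 'unknown' both need follow-up."""
    report = {"affected": [], "ok": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row.get("firmware") or "")
        report[status].append(row["device_id"])
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for status in ("affected", "unknown", "ok"):
        print(f"{status:9}: {', '.join(result[status]) or '-'}")
```

Units reported as `unknown` should have their firmware verified on site, which is also an opportunity to carry out the physical inspection from recommendation 2.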
Affected Countries
United States, Germany, Switzerland, United Kingdom, France, Canada, Australia, Netherlands, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: SEC-VLab
- Date Reserved: 2025-09-09T07:53:12.880Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6977400b4623b1157c815ee5
Added to database: 1/26/2026, 10:20:59 AM
Last enriched: 3/4/2026, 6:33:38 PM
Last updated: 3/25/2026, 3:16:15 AM