CVE-2025-59107 - Static Firmware Encryption Password in dormakaba access manager

CVE ID : CVE-2025-59107 Published : Jan. 26, 2026, 10:16 a.m. | 1 hour, 16 minutes ago Description : Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed firmware versions. Severity: 8.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...