← Voltar para CVEs
CVE-2025-59109
N/ADescricao
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi).
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado1/26/2026
Ultima modificacao1/27/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-1295
Referencias
https://r.sec-consult.com/dkaccess(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://r.sec-consult.com/dormakaba(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://www.dormakabagroup.com/en/security-advisories(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://seclists.org/fulldisclosure/2026/Jan/24(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.