216.73.216.215

CVE-2025-59109

· Published 26/01/2026 10:16 · Modified 27/01/2026 07:16

Labels: CVE-2025-59109 2026-01-26551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2025-59109CWE-1295

Essential information

Published
26/01/2026 10:16
Modified
27/01/2026 07:16
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi).

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

Affected products (CPE)

ProductCPE
dormakaba / registration units 9002 cpe:2.3:a:dormakaba:registration_units_9002:*:*:*:*:*:*:*:*

References