QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-59109

Back to search

CVE-2025-59109

Published: Jan 26, 2026

Modified: Mar 3, 2026

PUBLISHED

Description

The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an attacker is easily able to remove the device, install a hardware implant which connects to the UART and exfiltrates the data exposed via UART to another system (e.g. via WiFi).

VendorProductVersions

dormakaba

dormakaba registration unit 9002

affected
<SW0039

Weaknesses (CWE)

CWE-1295

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now