CVE-2025-59101
CVE-2025-59101 is a high-severity vulnerability with a CVSS 4.0 base score of 7.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-291.
Key facts
- Severity: High (CVSS 4.0 base score 7.7)
- EPSS exploit prediction: 1% (43rd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-206365
- Weakness: CWE-291
- Published:
- Last modified:
Description
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information is stored. Therefore, it is possible to spoof the IP address of a logged-in user to gain access to the Access Manager web interface.
Frequently asked questions
- What is CVE-2025-59101?
- Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information is stored. Therefore, it is possible to spoof the IP address of a logged-in user to gain access to the Access Manager web interface.
- How severe is CVE-2025-59101?
- CVE-2025-59101 has a CVSS 4.0 base score of 7.7, rated high severity.
- Is CVE-2025-59101 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (43rd percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-59101?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-59101 have an EU (EUVD) identifier?
- Yes. CVE-2025-59101 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-206365.
- When was CVE-2025-59101 published?
- CVE-2025-59101 was published on 2026-01-26 and last updated on 2026-06-17.
References
- https://r.sec-consult.com/dkaccess
- https://r.sec-consult.com/dormakaba
- https://www.dormakabagroup.com/en/security-advisories
Other CWE-291 vulnerabilities
- CVE-2025-66602 — Critical (CVSS 9.8): A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server…
- CVE-2022-46415 — Critical (CVSS 9.1): DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP…
- CVE-2024-23309 — Critical (CVSS 9.0): The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application…
- CVE-2025-34202 — High (CVSS 8.8): Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA…
- CVE-2026-3690 — High (CVSS 7.4): OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass…
- CVE-2023-35906 — Medium (CVSS 5.3): IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM…