CVE-2024-58311

CRITICAL 9.8

Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.

CWE	CWE-1245
Vendor	dormakaba
Product	dormakaba saflok system 6000
Published	Dec 12, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for dormakaba dormakaba saflok system 6000

Be the first to know when new critical vulnerabilities affecting dormakaba dormakaba saflok system 6000 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

dormakaba / Dormakaba Saflok System 6000

Unknown

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51832 dormakaba.com: https://www.dormakaba.com/ vulncheck.com: https://www.vulncheck.com/advisories/dormakaba-saflok-system-key-generation-cryptographic-weakness

Credits

a51199deefa2c2520cea24f746d899ce