CVE-2025-59091

CRITICAL EPSS 50.6%

Published Jan 26, 20265mo ago · Modified Jun 17, 20261w ago

9.3 CVSS 4.0

Critical

Published Jan 26, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically visualize open doors and alerts. However, controlling the Access Managers via this interface is also possible. To send and receive status information, authentication is necessary. The Kaba exos 9300 application contains hard-coded credentials for four different users, which are allowed to login to the datapoint server and receive as well as send information, including commands to open arbitrary doors.

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

50.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-798 Use of Hard-coded Credentials Authentication

References 3

r.sec-consult.com https://r.sec-consult.com/dkexos
r.sec-consult.com https://r.sec-consult.com/dormakaba
dormakabagroup.com https://www.dormakabagroup.com/en/security-advisories

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.