Vulnerability in Dormakaba Kaba Exos 9300
CVE-2025-59091
Multiple hardcoded credentials have been identified that are allowed to sign in to the exos 9300 datapoint server running on ports 1004 and 1005. This server is used for relaying status information to and from the Access Managers. This in…
EPSS: 0.001 (34.1th percentile)
Affected products
- Dormakaba Kaba Exos 9300 — versions <4.4.1: manual mitigation needed; versions >=4.4.1: secured by default
Weakness classification (CWE)
References
- r.sec-consult.com/dormakaba (technical-description)
- r.sec-consult.com/dkexos (third-party-advisory)
- www.dormakabagroup.com/en/security-advisories (vendor-advisory)