Vulnerability in Dormakaba Kaba Exos 9300
CVE-2025-59093
Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read…
EPSS: 0.000 (7.3th percentile)
Affected products
- Dormakaba Kaba Exos 9300: all versions (manual mitigation needed)
References
- r.sec-consult.com/dormakaba (technical-description)
- r.sec-consult.com/dkexos (third-party-advisory)
- www.dormakabagroup.com/en/security-advisories (vendor-advisory)