Vulnerability in Dormakaba Kaba Exos 9300
CVE-2025-59095
The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption techni…
EPSS: 0.000 (2.7th percentile)
Affected products
- Dormakaba Kaba Exos 9300 — versions <4.3.3
Weakness classification (CWE)
References
- r.sec-consult.com/dormakaba (technical-description)
- r.sec-consult.com/dkexos (third-party-advisory)
- www.dormakabagroup.com/en/security-advisories (vendor-advisory)