Vulnerability in Dormakaba Kaba Exos 9300

CVE-2025-59096

The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.

EPSS: 0.000 (6.1th percentile) — read the EPSS interpretation.

Affected products

Dormakaba Kaba Exos 9300 — versions All versions, manual mitigation needed!

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

r.sec-consult.com/dormakaba (technical-description)
r.sec-consult.com/dkexos (third-party-advisory)
www.dormakabagroup.com/en/security-advisories (vendor-advisory)