Dormakaba Kaba Exos 9300
7 CVEs affecting Dormakaba Kaba Exos 9300. Latest disclosed: 2026-01-26. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59096 | | | 2026-01-26 | The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as we… |
| CVE-2025-59095 | | | 2026-01-26 | The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the… |
| CVE-2025-59094 | | | 2026-01-26 | A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it i… |
| CVE-2025-59093 | | | 2026-01-26 | Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random valu… |
| CVE-2025-59092 | | | 2026-01-26 | An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess com… |
| CVE-2025-59091 | | | 2026-01-26 | Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server… |
| CVE-2025-59090 | | | 2026-01-26 | On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network acces… |