CVE-2025-59096

Weak Default Password in dormakaba Kaba exos 9300

Description

The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.

INFO

Published Date :

2026-01-26T10:04:24.548Z

Last Modified :

2026-01-26T16:10:20.331Z

Source :

SEC-VLab

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59096 vulnerability.

Vendors	Products
Dormakaba	Kaba Exos 9300

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59096.

URL	Resource
https://r.sec-consult.com/dkexos
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability