Hardcoded Credentials in Kaba exos 9300 Datapoint Server
CVE-2025-59091

9.3CRITICAL

Key Information:

Vendor

Dormakaba

Status
Kaba Exos 9300
Vendor
CVE Published:
26 January 2026

What is CVE-2025-59091?

The Kaba exos 9300 datapoint server has been found to include multiple hardcoded credentials that grant unauthorized access. These credentials can be exploited by attackers to log into the server, which operates on ports 1004 and 1005, for the purpose of relaying status information to and from Access Managers. This interface is critical as it can be utilized not only to visualize door statuses and alerts but also to manage and send commands, including the ability to open doors without proper authorization. The discovery of these hardcoded credentials poses a significant security risk, as they could be leveraged by malicious actors to gain control over physical access systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kaba exos 9300 <4.4.1 manual mitigation needed < 4.4.1 manual mitigation needed

Kaba exos 9300 >=4.4.1 secured by default >= 4.4.1 secured by default

References

https://r.sec-consult.com/dormakaba
technical-description
https://r.sec-consult.com/dkexos
third-party-advisory
https://www.dormakabagroup.com/en/security-advisories
vendor-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Clemens Stockenreitner, SEC Consult Vulnerability Lab
Werner Schober, SEC Consult Vulnerability Lab
JSON
.