Local Privilege Escalation Flaw in Kaba Exos 9300 System Management Application
CVE-2025-59094

8.4HIGH

Key Information:

Vendor

Dormakaba

Status
Kaba Exos 9300
Vendor
CVE Published:
26 January 2026

What is CVE-2025-59094?

A security issue has been detected in the Kaba exos 9300 System management application, specifically within the executable 'd9sysdef.exe'. This vulnerability allows an attacker with local access to specify arbitrary executables to be run with SYSTEM privileges at designated times, significantly compromising system security. This could enable unauthorized users to execute malicious code with elevated rights, potentially leading to further exploitation of the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kaba exos 9300 All versions, manual mitigation needed!

References

https://r.sec-consult.com/dormakaba
technical-description
https://r.sec-consult.com/dkexos
third-party-advisory
https://www.dormakabagroup.com/en/security-advisories
vendor-advisory

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Clemens Stockenreitner, SEC Consult Vulnerability Lab
Werner Schober, SEC Consult Vulnerability Lab
JSON
.