CVE-2025-59090

CRITICAL

exos 9300 - Info Disclosure

Title source: llm

Description

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.

References (3)

[Various Sources] https://r.sec-consult.com/dkexos

[Various Sources] https://www.dormakabagroup.com/en/security-advisories

[Various Sources] https://r.sec-consult.com/dormakaba

Scores

CVSS v4 9.3

EPSS 0.0012

EPSS Percentile 30.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1188 CWE-306

Status published

Products (2)

dormakaba/Kaba exos 9300 <4.4.0 manual mitigation needed

dormakaba/Kaba exos 9300 >=4.4.0 with 92xx-K7 secured by default

Published Jan 26, 2026

Tracked Since Feb 18, 2026