Description

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication before accepting requests. Consequently, anyone with network access to the exos server can, for example, create arbitrary access log events and query the 2FA PINs associated with the enrolled chip cards.

Status: PUBLISHED | Reserved 2025-09-09 | Published 2026-01-26 | Updated 2026-01-26 | Assigner SEC-VLab

Severity: CRITICAL 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-306: Missing Authentication for Critical Function

CWE-1188: Initialization of a Resource with an Insecure Default

Product status

Default status: unknown

<4.4.0 (manual mitigation needed): affected

>=4.4.0 with 92xx-K7 (secured by default): unaffected

Credits

Clemens Stockenreitner, SEC Consult Vulnerability Lab (finder)

Werner Schober, SEC Consult Vulnerability Lab (finder)

References

r.sec-consult.com/dormakaba (technical description)

r.sec-consult.com/dkexos (third-party advisory)

www.dormakabagroup.com/en/security-advisories (vendor advisory)

cve.org (CVE-2025-59090)

nvd.nist.gov (CVE-2025-59090)