Home

Description

The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.

PUBLISHED Reserved 2025-09-09 | Published 2026-01-26 | Updated 2026-01-26 | Assigner SEC-VLab




MEDIUM: 4.6CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

Default status
affected

All versions, manual mitigation needed!
affected

Credits

Clemens Stockenreitner, SEC Consult Vulnerability Lab finder

Werner Schober, SEC Consult Vulnerability Lab finder

References

r.sec-consult.com/dormakaba technical-description

r.sec-consult.com/dkexos third-party-advisory

www.dormakabagroup.com/en/security-advisories vendor-advisory

cve.org (CVE-2025-59096)

nvd.nist.gov (CVE-2025-59096)

Download JSON