CVE-2025-59095
📋 TL;DR
This CVE describes hard-coded cryptographic secrets in exos 9300 software components: sensitive data such as user PINs is stored in the database protected only by XOR with a static key, so anyone who recovers that key can decrypt it. The affected component is the Kaba.EXOS.common.dll library, whose XOR key is derived from a founder's name.
💻 Affected Systems
- exos 9300 software components
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all encrypted user PINs and other sensitive data, potentially leading to unauthorized access to physical security systems, credential theft, and privilege escalation.
Likely Case
Attackers with database access can decrypt stored PINs and other encrypted data, compromising user authentication and potentially gaining unauthorized system access.
If Mitigated
With proper network segmentation and database access controls, impact is limited to users who already hold authorized database access; they could still decrypt the sensitive data if they also obtain the static key.
🎯 Exploit Status
Exploitation requires access to encrypted data and knowledge of the static key. The XOR algorithm is trivial to reverse with the known key.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.dormakabagroup.com/en/security-advisories
Restart Required: No
Instructions:
1. Check the vendor advisory for updates.
2. Apply any available patches.
3. Replace the vulnerable encryption with industry-standard algorithms.
4. Rotate all encrypted credentials.
🔧 Temporary Workarounds
Database Encryption Replacement
Platform: Windows. Replace the vulnerable encryption with AES-256 or another industry-standard algorithm for all sensitive data storage.
Credential Rotation
Platform: all. Force a reset of all user PINs and re-encrypt them with the secure algorithm.
🧯 If You Can't Patch
- Implement strict database access controls and monitoring
- Segment network to limit access to systems using vulnerable components
🔍 How to Verify
Check if Vulnerable:
Check if Kaba.EXOS.common.dll exists in system and contains the EncryptAndDecrypt function with hard-coded XOR key
Check Version:
Check DLL version properties or consult vendor documentation
Verify Fix Applied:
Verify encryption algorithm has been replaced with industry-standard implementation and all stored data has been re-encrypted
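The "Check if Vulnerable" step above can be automated as a first-pass inventory scan. The script below is an added example, not vendor or advisory code: it walks a directory tree for Kaba.EXOS.common.dll and flags copies whose bytes contain the method name EncryptAndDecrypt (assumption: the DLL is a .NET assembly, whose metadata stores method names as UTF-8). A hit only identifies a candidate file for the manual key check; it does not prove the hard-coded key is present.

```python
import os
import tempfile
from pathlib import Path

# Names taken from the advisory text; the byte-search approach is an assumption.
TARGET_DLL = "Kaba.EXOS.common.dll"
SUSPECT_METHOD = b"EncryptAndDecrypt"


def dll_has_method(path, method=SUSPECT_METHOD):
    """True if the file contains the method name as UTF-8 (.NET #Strings heap)
    or UTF-16LE (covers the string appearing in other metadata or resources)."""
    with open(path, "rb") as f:
        data = f.read()
    return method in data or method.decode().encode("utf-16-le") in data


def find_candidate_dlls(root):
    """Return every path under root whose file name matches TARGET_DLL (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == TARGET_DLL.lower():
                hits.append(os.path.join(dirpath, name))
    return hits


def scan(root):
    """Map each matching DLL path to whether it contains the suspect method name."""
    return {p: dll_has_method(p) for p in find_candidate_dlls(root)}


def demo_scan():
    """Constructed sample tree (not real binaries): one DLL copy carrying the
    method name, one without. Returns {parent_dir_name: flagged}."""
    base = Path(tempfile.mkdtemp())
    (base / "with_method").mkdir()
    (base / "without_method").mkdir()
    (base / "with_method" / TARGET_DLL).write_bytes(b"MZ\x00" + SUSPECT_METHOD + b"\x00")
    (base / "without_method" / TARGET_DLL).write_bytes(b"MZ\x00SomeOtherMethod\x00")
    return {Path(p).parent.name: flagged for p, flagged in scan(base).items()}


if __name__ == "__main__":
    # Run against a real install root instead of the constructed tree, e.g. scan(r"C:\Program Files")
    for path, flagged in demo_scan().items():
        print(f"{path}: {'candidate, inspect for static XOR key' if flagged else 'no hit'}")
```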
📡 Detection & Monitoring
Log Indicators:
- Unusual database access patterns
- Multiple PIN decryption attempts
Network Indicators:
- Unexpected MSSQL database queries accessing encrypted PIN fields
SIEM Query:
source="mssql" AND (query="*PIN*" OR query="*EncryptAndDecrypt*")