CVE-2025-59096
📋 TL;DR
CVE-2025-59096 is a hard-coded credential vulnerability in Kaba 9300 Administration software that allows attackers to gain administrative access using a default password documented in local files. This affects all systems running vulnerable versions of U9ExosAdmin.exe where the default password hasn't been changed. Attackers can compromise the administration interface and potentially control connected physical access systems.
💻 Affected Systems
- Kaba 9300 Administration (U9ExosAdmin.exe)
- dormakaba access control systems
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of physical access control systems, unauthorized building access, security system disablement, and potential physical security breaches.
Likely Case
Unauthorized administrative access to the Kaba 9300 system, configuration changes, user privilege escalation, and audit log manipulation.
If Mitigated
Limited impact if strong network segmentation, access controls, and password changes are implemented.
🎯 Exploit Status
Exploitation requires only knowledge of the default password, which is documented in local files. No special tools or skills needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://www.dormakabagroup.com/en/security-advisories
Restart Required: Yes
Instructions:
1. Consult the dormakaba security advisory.
2. Download and apply the vendor-provided patch.
3. Restart affected systems.
4. Change all default passwords.
🔧 Temporary Workarounds
Change Default Password
Platform: Windows
Immediately change the default password for extended admin user mode to a strong, unique password.
Use the U9ExosAdmin.exe interface to change the admin password.
Network Segmentation
Platform: All
Isolate Kaba administration systems from the general network and from internet access.
🧯 If You Can't Patch
- Immediately change all default passwords to strong, unique credentials
- Implement strict network access controls and firewall rules to limit access to administration interface
🔍 How to Verify
Check if Vulnerable:
Check whether U9ExosAdmin.exe exists on the system and search local documentation for references to the default password.
Check Version:
Check the file properties of U9ExosAdmin.exe or consult vendor documentation.
Verify Fix Applied:
Verify password has been changed from default and cannot be guessed from documentation. Check vendor patch version.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful login with default credentials
- Configuration changes from unexpected sources
Network Indicators:
- Unexpected connections to administration port (typically 80/443 or vendor-specific)
- Traffic patterns indicating credential guessing
SIEM Query:
source="U9ExosAdmin.exe" AND (event_type="authentication" AND result="success") AND user="[default_admin_user]"
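The two log indicators above (a run of failed logins followed by a success, and any successful login as the default admin account, which is what the SIEM query matches) as detection logic in Python. This is an added example, not code from the page or from dormakaba; the log line layout, the field names and the `[default_admin_user]` account name are constructed assumptions, since the page does not document the real U9ExosAdmin.exe log format or default user name.

```python
# Added example: flag successful logins that follow a burst of failures for the
# same user from the same source, plus any success as the default admin account.
# Log format, field order and DEFAULT_ADMIN are constructed assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

DEFAULT_ADMIN = "[default_admin_user]"  # placeholder; substitute the account from vendor docs
WINDOW = timedelta(minutes=10)          # failures older than this are ignored
MIN_FAILURES = 3                        # failures needed before a success is suspicious

# Constructed sample lines: "<ISO timestamp> <source_ip> <user> <result>"
SAMPLE_LOG = """\
2025-10-01T08:00:01 10.0.5.20 [default_admin_user] failure
2025-10-01T08:00:05 10.0.5.20 [default_admin_user] failure
2025-10-01T08:00:09 10.0.5.20 [default_admin_user] failure
2025-10-01T08:00:14 10.0.5.20 [default_admin_user] success
2025-10-01T09:15:00 10.0.1.7 operator1 failure
2025-10-01T09:15:30 10.0.1.7 operator1 success
2025-10-01T11:00:00 10.0.9.3 [default_admin_user] success
"""

def parse_line(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result

def find_suspicious_logins(log_text, min_failures=MIN_FAILURES, window=WINDOW):
    """Return (timestamp, source, user, failure_count) for every success that
    follows at least min_failures failures by the same (source, user) inside
    window, and for every success as DEFAULT_ADMIN (failure_count may be 0)."""
    recent = defaultdict(list)  # (source, user) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse_line(line)
        key = (src, user)
        recent[key] = [t for t in recent[key] if ts - t <= window]  # expire old failures
        if result == "failure":
            recent[key].append(ts)
            continue
        fails = len(recent[key])
        if fails >= min_failures or user == DEFAULT_ADMIN:
            alerts.append((ts.isoformat(), src, user, fails))
        recent[key].clear()  # a success resets the failure run for this key
    return alerts
```

Lowering `min_failures` widens the net to ordinary mistyped passwords, so tune it against a baseline of normal operator logins before alerting on it.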