CVE-2025-59094

Published: Jan 26, 2026Modified: Jan 26, 2026

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf (Secondary)

Description

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM privileges.

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (3)

https://r.sec-consult.com/dkexos

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

https://r.sec-consult.com/dormakaba

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

https://www.dormakabagroup.com/en/security-advisories

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

Timeline

No history available yet.