Unauthenticated SOAP API in dormakaba Kaba exos 9300_CVE-2025-59090

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.

Basic Information

ID CVE-2025-59090

Source SEC-VLab

Published Jan 26, 2026 at 10:03

Affected Product

Vendor dormakaba

Product Kaba exos 9300

Version <4.4.0 manual mitigation needed

Affected Versions dormakaba Kaba exos 9300 <4.4.0 manual mitigation needed

CWE Classification

CWE-306 CWE-1188

References

{
    "lastseen": "",
    "description": "On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.",
    "published": "2026-01-26T10:03:21.868Z",
    "modified": "2026-01-26T10:03:21.868Z",
    "type": "cve",
    "title": "Unauthenticated SOAP API in dormakaba Kaba exos 9300",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/dormakaba\nhttps://r.sec-consult.com/dkexos\nhttps://www.dormakabagroup.com/en/security-advisories",
    "id": "CVE-2025-59090",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-1188"
    ],
    "cvelist": null,
    "sourceData": "dormakaba Kaba exos 9300 <4.4.0 manual mitigation needed",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Kaba exos 9300",
    "version": "<4.4.0 manual mitigation needed",
    "vendor": "dormakaba",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}