CVE-2025-59094 HIGH

CVE-2025-59094: Local Privilege Escalation in dormakaba Kaba exos 9300 System management

Vendor Dormakaba
Product Kaba exos 9300
Weakness CWE-269
Published January 26, 2026
Last update January 26, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application, a user can specify an arbitrary executable together with the weekday and start time at which that executable should be run with SYSTEM privileges.

Key dates

02 Disclosure timeline

January 26, 2026 CVE published
January 26, 2026 Record updated
