Vulnerability Description
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM privileges.
Related Weaknesses (CWE)
References
- https://r.sec-consult.com/dkexos
- https://r.sec-consult.com/dormakaba
- https://www.dormakabagroup.com/en/security-advisories
FAQ
What is CVE-2025-59094?
CVE-2025-59094 is a documented vulnerability. A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary execut...
How severe is CVE-2025-59094?
CVSS scoring is not yet available for CVE-2025-59094. Check NVD for updates.
Is there a patch for CVE-2025-59094?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.