Platform: other
Component: kaba-exos-9300-system-management
A critical Privilege Escalation vulnerability has been discovered in the Kaba exos 9300 System management application (d9sysdef.exe). This flaw allows a local attacker to execute arbitrary code with SYSTEM privileges by exploiting the application's ability to schedule executable files. All versions of the Kaba exos 9300 System management are affected, and a patch is not currently available, necessitating manual mitigation strategies.
The impact of this vulnerability is severe. Successful exploitation gives an attacker complete control over the system running the Kaba exos 9300 System management application: installing malware, stealing sensitive data, modifying system configurations, and potentially pivoting to other systems on the network. Because the escalation yields SYSTEM privileges, it effectively bypasses standard security controls, making it a high-risk vulnerability; as with other privilege escalation flaws that let a user schedule arbitrary executables with elevated rights, the likely outcome is full system compromise.
This vulnerability is currently not listed on the CISA KEV catalog. The probability of exploitation is considered medium due to the local nature of the vulnerability and the lack of publicly available exploits. However, the high impact of successful exploitation warrants immediate attention. Public proof-of-concept code is not currently available, but the vulnerability's nature suggests it could be relatively easily exploited by skilled attackers.
Exploit Status
EPSS: 0.02% (3rd percentile)
CISA SSVC
Due to the absence of a direct patch, mitigation focuses on restricting access and preventing exploitation. Immediately restrict access to the d9sysdef.exe application to only authorized personnel. Implement strict file system permissions to prevent unauthorized modification of the application's configuration files. Consider disabling the scheduling functionality within the application if it is not essential. Regularly monitor system logs for suspicious activity, particularly any attempts to modify scheduled tasks or execute unexpected processes. After implementing these controls, verify their effectiveness by attempting to trigger the vulnerability in a controlled environment.
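One way to carry out the permission and log checks above, as an added example that is not from the advisory or from dormakaba: the PowerShell below flags write access granted to broad principals on the application's install directory and binary, and lists the processes launched under d9sysdef.exe as recorded in Security event 4688. The install path, and the assumption that d9sysdef.exe is the parent of the scheduled executables, are placeholders to adjust for the actual deployment.

```powershell
# Added example, not from the advisory or from dormakaba. ASSUMPTIONS: the install
# directory below, and that scheduled executables appear as child processes of
# d9sysdef.exe (if another exos component launches them, change $SchedulerExe).
$AppDir       = 'C:\Program Files\Kaba\exos 9300'   # assumed install directory
$SchedulerExe = 'd9sysdef.exe'

# Principals that must never hold write access to the application's files.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# Rights that let a local user replace a binary or edit a config: the named
# FileSystemRights plus the undecoded GENERIC_ALL (0x10000000) and GENERIC_WRITE
# (0x40000000) bits that some ACEs carry.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-BroadWriteAces {
    param([Parameter(Mandatory)][string]$Path)
    # Emit every Allow ACE that gives a broad principal a write-like right.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{ Path = $Path; Principal = $ace.IdentityReference.Value
                               Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        }
    }
}

function Get-SchedulerChildProcesses {
    param([int]$Hours = 24)
    # Requires 'Audit Process Creation' (Security event 4688); the CommandLine
    # field is only filled when command-line logging is enabled by policy.
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = @{}
        foreach ($f in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        if ($d['ParentProcessName'] -like "*\$SchedulerExe") {
            [pscustomobject]@{ Time = $_.TimeCreated; Child = $d['NewProcessName']
                               Creator = $d['SubjectUserName']; CommandLine = $d['CommandLine'] }
        }
    }
}

# 1) Permission audit over the directory, the binary and everything beside them.
$targets = @($AppDir) + (Get-ChildItem -LiteralPath $AppDir -Recurse -Force | ForEach-Object FullName)
$targets | ForEach-Object { Get-BroadWriteAces -Path $_ } | Format-Table -AutoSize
# 2) Log review: which processes the scheduler launched in the last day, and who
#    created them; anything unexpected here is what the advisory says to watch for.
Get-SchedulerChildProcesses -Hours 24 | Format-Table -AutoSize
```

Any row from the permission audit is a finding to fix by removing the ACE or tightening it to the administrators group; an empty result from the log review usually means process-creation auditing is not enabled rather than that nothing ran.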
Apply the manual mitigations provided by the vendor, dormakaba. Consult the security advisories on their website for detailed instructions on how to prevent this privilege escalation.
CVE-2025-59094 is a vulnerability in the Kaba exos 9300 System management application allowing local attackers to gain SYSTEM privileges and execute arbitrary code.
Yes, all versions of the Kaba exos 9300 System management application are currently affected by this vulnerability. A patch is not yet available.
Since a patch is unavailable, mitigation involves restricting access to the application, implementing strict file system permissions, and monitoring system logs for suspicious activity.
While no active exploitation has been confirmed, the vulnerability's nature suggests it could be exploited by skilled attackers.
Please refer to the Kaba website or contact Kaba support for the latest advisory and security recommendations regarding CVE-2025-59094.