CVE-2025-59090

Sažetak

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.

Reference

https://r.sec-consult.com/dkexos
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

26-01-2026 - 15:03

Objavljeno

26-01-2026 - 10:16