Security News

Cybersecurity news aggregator

🔓
CRITICAL Vulnerabilities Reddit r/netsec

"Open sesame": Critical vulnerabilities in dormakaba physical access control system enable unlocking arbitrary doors

dormakabaexos-9300cve-unknowncode-injectioncommand-injection
Multiple critical vulnerabilities in dormakaba exos 9300 physical access control systems allow attackers with network access to open doors and reconfigure controllers without authentication. Some systems are exposed to the internet, and critical infrastructure may be affected.
Read Full Article →

Multiple critical flaws (20 CVEs!) in dormakaba physical access control system exos 9300 & access manager & registration unit (pin pad) allow attackers with network access to open arbitrary doors, reconfigure connected controllers and peripherals without prior authentication, and much more. Seems some systems are also reachable over the internet due to misconfigurations. "According to the manufacturer, several thousand customers were affected, a small proportion of whom operate in environments with high security requirements" (critical infrastructure). submitted by /u/0x9000 [link] [comments]

Related Articles

CRITICAL CVE-2025-59091: Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 d... NIST NVD CRITICAL CVE-2025-59097: The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The c... NIST NVD MEDIUM [UPDATE] [mittel] Unbound: Schwachstelle ermöglicht Manipulation von Dateien BSI Germany HIGH [UPDATE] [hoch] Red Hat Enterprise Linux (libsoup): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen und Datenmanipulation BSI Germany
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn