"Open sesame": Critical vulnerabilities in dormakaba physical access control system enable unlocking arbitrary doors

CVE-2025-59095: The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One ...

CVE-2025-59093: Exos 9300 instances are using a randomly generated database password to connect to the configured MS...

CVE-2025-59092: An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePh...

CVE-2025-59091: Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 d...

CVE-2025-59090: On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authent...