PT-2026-4744 · Kaba · Kaba Exos 9300
Published 2026-01-26 · Updated 2026-01-26 · CVE-2025-59094
CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Kaba exos 9300 (affected versions not specified)
Description
A local privilege escalation issue exists in the Kaba exos 9300 System management application (d9sysdef.exe). The application allows specifying an arbitrary executable together with a weekday and start time, and the specified program is then run with SYSTEM privileges, that is, with elevated permissions. The vulnerable application component is d9sysdef.exe.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Improper Privilege Management
Affected Products
Kaba Exos 9300