CVE-2025-59095

The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key (cryptoKey) to transform each character of the input string. However, it's important to note that this implementation does not provide strong encryption and should not be considered secure for sensitive data. It's more of a custom encryption approach rather than a common algorithm used in cryptographic applications. The key itself is static and based on the founder's name of the company. The functionality is for example used to encrypt the user PINs before storing them in the MSSQL database.

CVSS

No CVSS.

References

Link	Resource
https://r.sec-consult.com/dkexos
https://r.sec-consult.com/dormakaba
https://www.dormakabagroup.com/en/security-advisories

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Las librerías del programa (DLL) y los binarios utilizados por exos 9300 contienen múltiples secretos codificados de forma rígida. Un ejemplo notable es la función 'EncryptAndDecrypt' en la librería Kaba.EXOS.common.dll. Este algoritmo utiliza una técnica de cifrado XOR simple combinada con una clave criptográfica (cryptoKey) para transformar cada carácter de la cadena de entrada. Sin embargo, es importante señalar que esta implementación no proporciona un cifrado fuerte y no debe considerarse segura para datos sensibles. Es más un enfoque de cifrado personalizado en lugar de un algoritmo común utilizado en aplicaciones criptográficas. La clave en sí es estática y se basa en el nombre del fundador de la empresa. La funcionalidad se utiliza, por ejemplo, para cifrar los PIN de usuario antes de almacenarlos en la base de datos MSSQL.

26 Jan 2026, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-26 10:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-59095

Mitre link : CVE-2025-59095

CVE.ORG link : CVE-2025-59095

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-59095", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-26T10:16:06.987", "references": [{"url": "https://r.sec-consult.com/dkexos", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://r.sec-consult.com/dormakaba", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://www.dormakabagroup.com/en/security-advisories", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function \"EncryptAndDecrypt\" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key (cryptoKey) to transform each character of the input string. However, it's important to note that this implementation does not provide strong encryption and should not be considered secure for sensitive data. It's more of a custom encryption approach rather than a common algorithm used in cryptographic applications. The key itself is static and based on the founder's name of the company. The functionality is for example used to encrypt the user PINs before storing them in the MSSQL database."}, {"lang": "es", "value": "Las librer\u00edas del programa (DLL) y los binarios utilizados por exos 9300 contienen m\u00faltiples secretos codificados de forma r\u00edgida. Un ejemplo notable es la funci\u00f3n 'EncryptAndDecrypt' en la librer\u00eda Kaba.EXOS.common.dll. Este algoritmo utiliza una t\u00e9cnica de cifrado XOR simple combinada con una clave criptogr\u00e1fica (cryptoKey) para transformar cada car\u00e1cter de la cadena de entrada. Sin embargo, es importante se\u00f1alar que esta implementaci\u00f3n no proporciona un cifrado fuerte y no debe considerarse segura para datos sensibles. Es m\u00e1s un enfoque de cifrado personalizado en lugar de un algoritmo com\u00fan utilizado en aplicaciones criptogr\u00e1ficas. La clave en s\u00ed es est\u00e1tica y se basa en el nombre del fundador de la empresa. La funcionalidad se utiliza, por ejemplo, para cifrar los PIN de usuario antes de almacenarlos en la base de datos MSSQL."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}