216.73.216.214

CVE-2025-59092

· Published 26/01/2026 10:16 · Modified 26/01/2026 15:03

Labels: CVE-2025-59092 2026-01-26551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2025-59092CWE-798

Essential information

Published
26/01/2026 10:16
Modified
26/01/2026 15:03
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers. Interacting with the service does not require any authentication. Therefore, it is possible to send arbitrary status information about door contacts etc. without prior authentication.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

Affected products (CPE)

ProductCPE
kaba / exos 9300 cpe:2.3:a:kaba:exos_9300:*:*:*:*:*:*:*:*

References