CVE-2025-59092
HIGHKaba exos 9300 < 4.4.0 - Unauthenticated Use of Hard-coded Credentials in RPC Service
Title source: llmDescription
An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers. Interacting with the service does not require any authentication. Therefore, it is possible to send arbitrary status information about door contacts etc. without prior authentication.
References (3)
Core 3
Core References
Various Sources technical-description
https://r.sec-consult.com/dormakaba
Various Sources third-party-advisory
https://r.sec-consult.com/dkexos
Various Sources vendor-advisory
https://www.dormakabagroup.com/en/security-advisories
Scores
CVSS v4
8.7
EPSS
0.0076
EPSS Percentile
50.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-798
Status
published
Products (1)
dormakaba/Kaba exos 9300
< 4.4.0
Published
Jan 26, 2026
Tracked Since
Feb 18, 2026