CVE-2025-59091
Unknown Unknown - Not Provided
Hardcoded Credentials in Kaba exos 9300 Enable Unauthorized Door Access

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description
Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically visualize open doors and alerts. However, controlling the Access Managers via this interface is also possible. To send and receive status information, authentication is necessary. The Kaba exos 9300 application contains hard-coded credentials for four different users, which are allowed to login to the datapoint server and receive as well as send information, including commands to open arbitrary doors.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-05-07
AI Q&A
2026-01-26
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59091
EUVD
EUVD-2025-206352
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kaba exos_9300 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves multiple hardcoded credentials in the Kaba exos 9300 datapoint server, which runs on ports 1004 and 1005. These credentials allow unauthorized users to sign in to the server, which is responsible for relaying status information to and from Access Managers. Through this interface, attackers can not only view status information such as open doors and alerts but also control the Access Managers, including sending commands to open arbitrary doors.


How can this vulnerability impact me? :

The vulnerability can have a severe impact by allowing attackers to gain unauthorized access to the datapoint server and control Access Managers. This means attackers could potentially open any door arbitrarily, compromising physical security and allowing unauthorized entry to restricted areas. Additionally, attackers could manipulate status information, leading to false alerts or hiding real security breaches.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be performed by scanning for the exos 9300 datapoint server running on ports 1004 and 1005 and attempting to identify the presence of hardcoded credentials by testing login attempts with known default or hardcoded usernames. Network monitoring tools can be used to detect unauthorized access or commands sent to the Access Managers via these ports. Specific commands are not provided in the available information.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to ports 1004 and 1005 to trusted hosts only, monitoring for suspicious activity on these ports, and applying any available patches or updates from the vendor to remove or change the hardcoded credentials. If possible, disable the datapoint server or change authentication mechanisms to prevent unauthorized access.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart