CVE-2025-59092
Unknown Unknown - Not Provided
Unauthenticated RPC Injection in Kaba exos 9300 FSMobilePhoneInterface

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description
An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers. Interacting with the service does not require any authentication. Therefore, it is possible to send arbitrary status information about door contacts etc. without prior authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-59092
EUVD
EUVD-2025-206353
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kaba exos_9300 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves an RPC service in the kaba exos 9300 system, specifically the FSMobilePhoneInterface.exe process running on port 4000. The service facilitates communication between internal services and the GUI, sharing status information about Access Managers. However, it does not require any authentication, allowing an attacker to send arbitrary status information, such as door contact statuses, without prior authentication.

Impact Analysis

Because the RPC service accepts unauthenticated input, an attacker could manipulate status information related to door contacts and access control. This could lead to false status reports, potentially causing security breaches by misleading the system or operators about the actual state of access points.

Detection Guidance

You can detect this vulnerability by scanning your network for the RPC service running on port 4000, specifically the process FSMobilePhoneInterface.exe associated with the kaba exos 9300 system. Commands such as 'netstat -an | find "4000"' on Windows or 'ss -tuln | grep 4000' on Linux can help identify if the port is open. Additionally, checking running processes for FSMobilePhoneInterface.exe can confirm the presence of the vulnerable service.

Mitigation Strategies

Immediate mitigation steps include restricting network access to port 4000 to trusted hosts only, implementing firewall rules to block unauthorized access, and monitoring for any unauthorized interactions with the FSMobilePhoneInterface.exe service. Since the service does not require authentication, isolating it from untrusted networks is critical until a patch or update is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart