CVE-2025-59092
Unknown Unknown - Not Provided

Unauthenticated RPC Injection in Kaba exos 9300 FSMobilePhoneInterface

Vulnerability report for CVE-2025-59092, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description

An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers. Interacting with the service does not require any authentication. Therefore, it is possible to send arbitrary status information about door contacts etc. without prior authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
kaba exos_9300 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves an RPC service in the kaba exos 9300 system, specifically the FSMobilePhoneInterface.exe process running on port 4000. The service facilitates communication between internal services and the GUI, sharing status information about Access Managers. However, it does not require any authentication, allowing an attacker to send arbitrary status information, such as door contact statuses, without prior authentication.

Impact Analysis

Because the RPC service accepts unauthenticated input, an attacker could manipulate status information related to door contacts and access control. This could lead to false status reports, potentially causing security breaches by misleading the system or operators about the actual state of access points.

Detection Guidance

You can detect this vulnerability by scanning your network for the RPC service running on port 4000, specifically the process FSMobilePhoneInterface.exe associated with the kaba exos 9300 system. Commands such as 'netstat -an | find "4000"' on Windows or 'ss -tuln | grep 4000' on Linux can help identify if the port is open. Additionally, checking running processes for FSMobilePhoneInterface.exe can confirm the presence of the vulnerable service.

Mitigation Strategies

Immediate mitigation steps include restricting network access to port 4000 to trusted hosts only, implementing firewall rules to block unauthorized access, and monitoring for any unauthorized interactions with the FSMobilePhoneInterface.exe service. Since the service does not require authentication, isolating it from untrusted networks is critical until a patch or update is available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart