CVE-2025-59093
Unknown Unknown - Not Provided

Exposed Database Password in Exos 9300 Enables Unauthorized Access

Vulnerability report for CVE-2025-59093, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker to derive the database password and get authenticated access to the central exos 9300 database as the user Exos9300Common. The user has the roles ExosDialog and ExosDialogDotNet assigned, which are able to read most tables of the database as well as update and insert into many tables.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
exos exos_9300 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-656 The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves Exos 9300 instances using a database password that is generated from static random values combined with the hostname and a random string stored in the registry. Since this string can be read by any user, an attacker can derive the database password and gain authenticated access to the central Exos 9300 database as the user Exos9300Common. This user has roles that allow reading most database tables and updating or inserting data into many tables.

Impact Analysis

An attacker who exploits this vulnerability can gain authenticated access to the central Exos 9300 database with significant privileges. They can read most tables and modify data by updating or inserting into many tables, potentially leading to data breaches, data manipulation, or disruption of database integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart