CVE-2025-59096
Unknown Unknown - Not Provided
Hard-Coded Password in U9ExosAdmin.exe Enables Unauthorized Access

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59096
EUVD
EUVD-2025-206360
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kaba 9300_administration *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the application U9ExosAdmin.exe ("Kaba 9300 Administration") having a hard-coded default password for the extended admin user mode. This password is embedded in multiple locations within the application and is also documented in the locally stored user documentation, making it potentially accessible to unauthorized users.

Impact Analysis

The presence of a hard-coded default password can allow unauthorized users with local access to gain extended administrative privileges, potentially leading to unauthorized configuration changes, data exposure, or system compromise.

Mitigation Strategies

To mitigate this vulnerability, immediately change the default hard-coded password for the extended admin user mode in the U9ExosAdmin.exe application. Avoid using documented default passwords and ensure that all admin credentials are unique and securely stored. Additionally, review and restrict access to the locally stored user documentation that contains the default password.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59096. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart