CVE-2025-59096
Unknown Unknown - Not Provided

Hard-Coded Password in U9ExosAdmin.exe Enables Unauthorized Access

Vulnerability report for CVE-2025-59096, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: SEC Consult Vulnerability Lab

Description

The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-26
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-26
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
kaba 9300_administration *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the application U9ExosAdmin.exe ("Kaba 9300 Administration") having a hard-coded default password for the extended admin user mode. This password is embedded in multiple locations within the application and is also documented in the locally stored user documentation, making it potentially accessible to unauthorized users.

Impact Analysis

The presence of a hard-coded default password can allow unauthorized users with local access to gain extended administrative privileges, potentially leading to unauthorized configuration changes, data exposure, or system compromise.

Mitigation Strategies

To mitigate this vulnerability, immediately change the default hard-coded password for the extended admin user mode in the U9ExosAdmin.exe application. Avoid using documented default passwords and ensure that all admin credentials are unique and securely stored. Additionally, review and restrict access to the locally stored user documentation that contains the default password.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59096. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart