Unauthenticated RPC Service in dormakaba Kaba exos 9300_CVE-2025-59092

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers. Interacting with the service does not require any authentication. Therefore, it is possible to send arbitrary status information about door contacts etc. without prior authentication.

Basic Information

ID CVE-2025-59092

Source SEC-VLab

Published Jan 26, 2026 at 10:03

Affected Product

Vendor dormakaba

Product Kaba exos 9300

Version < 4.4.0

Affected Versions dormakaba Kaba exos 9300 < 4.4.0

CWE Classification

CWE-798

References

{
    "lastseen": "",
    "description": "An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers. Interacting with the service does not require any authentication. Therefore, it is possible to send arbitrary status information about door contacts etc. without prior authentication.",
    "published": "2026-01-26T10:03:44.324Z",
    "modified": "2026-01-26T10:03:44.324Z",
    "type": "cve",
    "title": "Unauthenticated RPC Service in dormakaba Kaba exos 9300",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/dormakaba\nhttps://r.sec-consult.com/dkexos\nhttps://www.dormakabagroup.com/en/security-advisories",
    "id": "CVE-2025-59092",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "dormakaba Kaba exos 9300 < 4.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Kaba exos 9300",
    "version": "< 4.4.0",
    "vendor": "dormakaba",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}