Security News

Cybersecurity news aggregator

🔓
CRITICAL Vulnerabilities NIST NVD

CVE-2025-59090: On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authent...

cve-2025-59090exos-9300soapauthentication-bypassinformation-disclosure
CVE-2025-59090 describes an authentication bypass vulnerability on the exos 9300 server. A SOAP API is reachable on port 8002 without requiring authentication, allowing network access to create arbitrary access log events and query 2FA PINs associated with enrolled chip cards.
Read Full Article →

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.

Related Articles

HIGH CVE-2025-59092: An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePh... NIST NVD HIGH CVE-2025-59093: Exos 9300 instances are using a randomly generated database password to connect to the configured MS... NIST NVD CRITICAL CVE-2025-59091: Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 d... NIST NVD MEDIUM CVE-2026-6722 Use-After-Free in SOAP using Apache map Microsoft Security Response Center
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn