Security News

Cybersecurity news aggregator

🔓
HIGH Vulnerabilities NIST NVD

CVE-2025-59093: Exos 9300 instances are using a randomly generated database password to connect to the configured MS...

cve-2025-59093exos-9300information-disclosureauthentication-bypassmitre-ta0006
Exos 9300 instances use a predictable method to generate database passwords for connecting to MSSQL servers. This allows attackers to derive the database password and gain authenticated access to the central Exos 9300 database with elevated privileges.
Read Full Article →

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker to derive the database password and get authenticated access to the central exos 9300 database as the user Exos9300Common. The user has the roles ExosDialog and ExosDialogDotNet assigned, which are able to read most tables of the database as well as update and insert into many tables.

Related Articles

CRITICAL CVE-2025-59090: On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authent... NIST NVD HIGH CVE-2025-59092: An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePh... NIST NVD CRITICAL CVE-2025-59098: The Access Manager is offering a trace functionality to debug errors and issues with the device. The... NIST NVD CRITICAL CVE-2025-59091: Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 d... NIST NVD
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn