PT-2026-4746 · Kaba 9300+1
Published: 2026-01-26 · Updated: 2026-01-26
CVE-2025-59096
CVSS v4.0: 4.6 (Medium)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Kaba 9300 Administration versions (affected versions not specified)
Description
The application contains a hard-coded default password for the extended admin user mode within the U9ExosAdmin.exe application. This password is present in multiple locations within the application and is also documented in the locally stored user documentation. The affected API endpoint is U9ExosAdmin.exe.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Kaba 9300
U9ExosAdmin.exe