CVE-2025-59090
Lifecycle Timeline
2DescriptionCVE.org
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.
AnalysisAI
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests.
Technical ContextAI
Classified as CWE-306 (Missing Authentication for Critical Function). On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.
Affected ProductsAI
On the exos 9300 server, a SOAP API is reachable on port 8002
RemediationAI
Monitor vendor advisories for a patch.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today