Skip to main content

CVE-2025-59090

Missing Authentication for Critical Function (CWE-306)
2026-01-26 551230f0-3615-47bd-b7cc-93e92e730bbf

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 26, 2026 - 10:16 nvd
N/A

DescriptionCVE.org

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.

AnalysisAI

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests.

Technical ContextAI

Classified as CWE-306 (Missing Authentication for Critical Function). On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.

Affected ProductsAI

On the exos 9300 server, a SOAP API is reachable on port 8002

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2025-59090 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy