CVE-2016-20025 - Vulnerability Details

- ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Published: 2026-03-15

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

ZKTeco ZKAccess Professional version 3.5.3 has an insecure file permissions flaw that allows any user who is authenticated to modify executable binaries. By replacing legitimate executables with malicious code, an attacker can gain elevated privileges or fully control the system. The weakness is a case of improper authorization and file permission control.

Affected Systems

The vulnerability affects the ZKTeco ZKAccess Professional application from ZKTeco Inc., specifically version 3.5.3. There is no other version information provided, so all installations running this exact version are at risk.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity issue. The EPSS score is under 1%, suggesting a low overall exploitation probability, yet the vulnerability is still significant. It is not listed in the CISA KEV catalog, meaning there is no known widespread exploitation publicly disclosed. The attack requires an authenticated user; based on the description, the likely vector is local access or an attacker who can log into the system. If the authenticated user space is reachable remotely, then remote exploitation is possible. The impact is silent escalation, which could allow attackers to execute arbitrary code or impersonate administrators.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ZKTeco Inc.

ZKTeco ZKAccess Professional

affected

Version	Status	Constraints
`3.5.3 (Build 0005)`	affected	—

No data.

Vendor Product Confidence Versions

Zkteco

Zkaccess Professional

100%

Version	Status	Scheme	Platform
`3.5.3 (Build 0005)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the vendor website or contact ZKTeco support for a patch or newer version of ZKAccess Professional that removes the insecure permissions
If a patch is not immediately available, remove the Modify permission for the Authenticated Users group on all executable files within the software installation
Consider implementing file integrity monitoring to detect unauthorized changes to executable binaries
Apply general security hardening practices such as the principle of least privilege and regular security audits

Generated by OpenCVE AI on March 21, 2026 at 14:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://cxsecurity.com/issue/WLB-2016080265
https://exchange.xforce.ibmcloud.com/vulnerabilities/116486
https://packetstormsecurity.com/files/138566
https://www.exploit-db.com/exploits/40323/
https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php

History

Mon, 16 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zkteco Zkteco zkaccess Professional
Vendors & Products		Zkteco Zkteco zkaccess Professional

Sun, 15 Mar 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
Title		ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions
Weaknesses		CWE-552
References		https://cxsecurity.com/issue/WLB-2016080265 https://exchange.xforce.ibmcloud.com/vulnerabilities/116486 https://packetstormsecurity.com/files/138566 https://www.exploit-db.com/exploits/40323/ https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Zkteco Zkaccess Professional

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-03-15T13:35:13.072Z

Updated: 2026-03-16T14:20:21.010Z

Reserved: 2026-03-15T12:36:13.750Z

Link: CVE-2016-20025

Vulnrichment

Updated: 2026-03-16T14:17:58.469Z

NVD

Status : Deferred

Published: 2026-03-16T14:17:48.573

Modified: 2026-04-15T14:56:45.970

Link: CVE-2016-20025

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T14:01:51Z

Weaknesses

CWE-552

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object