CVE-2016-20025
ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
| CWE | CWE-552 |
| Vendor | zkteco inc. |
| Product | zkteco zkaccess professional |
| Published | Mar 15, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for zkteco inc. zkteco zkaccess professional
Be the first to know when new high vulnerabilities affecting zkteco inc. zkteco zkaccess professional are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
ZKTeco Inc. / ZKTeco ZKAccess Professional
3.5.3 (Build 0005)
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php cxsecurity.com: https://cxsecurity.com/issue/WLB-2016080265 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/116486 packetstormsecurity.com: https://packetstormsecurity.com/files/138566 exploit-db.com: https://www.exploit-db.com/exploits/40323/ vulncheck.com: https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab