{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2016-20025", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-15T12:36:13.750Z", "datePublished": "2026-03-15T13:35:13.072Z", "dateUpdated": "2026-06-08T15:11:22.251Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-08T15:11:22.251Z" }, "datePublic": "2016-08-30T00:00:00.000Z", "title": "ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions", "descriptions": [ { "lang": "en", "value": "ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Files or Directories Accessible to External Parties", "cweId": "CWE-552", "type": "CWE" } ] } ], "affected": [ { "vendor": "ZKTeco Inc.", "product": "ZKTeco ZKAccess Professional", "versions": [ { "version": "3.5.3 (Build 0005)", "status": "affected" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php", "name": "Zero Science Lab Disclosure", "tags": [ "third-party-advisory" ] }, { "url": "https://cxsecurity.com/issue/WLB-2016080265", "name": "CXSecurity", "tags": [ "third-party-advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116486", "name": "IBM X-Force Exchange", "tags": [ "vdb-entry" ] }, { "url": "https://packetstormsecurity.com/files/138566", "name": "Packet Storm Security", "tags": [ "exploit" ] }, { "url": "https://www.exploit-db.com/exploits/40323/", "name": "Reference", "tags": [ "exploit" ] }, { "name": "VulnCheck Advisory: ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions" } ], "credits": [ { "lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder" } ], "x_generator": { "engine": "vulncheck" }, "solutions": [ { "lang": "en", "value": "The affected software ZKBioSecurity and ZKAccess have been officially discontinued. It is recommended that users switch to using ZKBio CVSecurity software. ZKBio CVSecurity has fixed these vulnerabilities. It is recommended that customers use the latest version of ZKBio CVSecurity to eliminate risks." } ], "tags": [ "unsupported-when-assigned" ] }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2016-20025", "role": "CISA Coordinator", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "version": "2.0.3", "timestamp": "2026-03-16T14:15:40.818968Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:20:21.010Z" } } ] } }