CVE-2016-20025 HIGH

CVE-2016-20025: ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

Vendor Zkteco Inc.
Product ZKTeco ZKAccess Professional
Weakness CWE-552 · Files accessible externally
Published March 15, 2026
Last update June 8, 2026
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Key dates

02Disclosure timeline

March 15, 2026 CVE published
June 8, 2026 Record updated