CVE-2025-45746 MEDIUM

Vendor: Zkteco
Product: ZKBio CVSecurity
Weakness: CWE-321
Published: May 13, 2025
Last update: May 21, 2025

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

In ZKT ZKBio CVSecurity 6.4.1_R, an unauthenticated attacker can craft a JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.

Key dates

02 Disclosure timeline

May 13, 2025: CVE published
May 21, 2025: Record updated