CVE-2016-20025
Published: 2026-03-16 · Last updated: 2026-06-08
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-552
Description
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
Source: NVD
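A defender-side check for the condition this record describes, added here as an example that is not part of the advisory or of ZKTeco's software: a PowerShell audit that walks an install directory (the path is a placeholder) and flags .exe/.dll files whose ACL grants Modify, Write or similar rights to Authenticated Users, BUILTIN\Users or Everyone.

```powershell
# Added audit script (not from the advisory): find executables under an install
# directory whose ACL grants write-capable rights to broad groups, the CWE-552
# condition this CVE describes. $InstallDir below is a placeholder path.
param(
    [string]$InstallDir = 'C:\Program Files (x86)\VENDOR\PRODUCT'  # placeholder
)

# Rights that let a low-privileged user replace or alter a binary.
$FSR = [System.Security.AccessControl.FileSystemRights]
$DangerousRights = [int]($FSR::Modify -bor $FSR::Write -bor $FSR::FullControl -bor
    $FSR::WriteData -bor $FSR::AppendData -bor $FSR::Delete -bor
    $FSR::TakeOwnership -bor $FSR::ChangePermissions)
# ACEs written with generic rights show up as raw integers; GENERIC_WRITE and
# GENERIC_ALL both allow modification.
$GenericWriteOrAll = 0x40000000 -bor 0x10000000

# Broad principals; any of them holding write rights on an executable is a finding.
$BroadPrincipals = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'Everyone')

function Test-WeakExecutableAcl {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if ((($rights -band $DangerousRights) -ne 0) -or
            (($rights -band $GenericWriteOrAll) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs come from the directory ACL
            }
        }
    }
}

$findings = Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { Test-WeakExecutableAcl -Path $_.FullName }

if ($findings) {
    $findings | Format-Table -AutoSize
    # Remediation sketch: replace the broad ACE with read/execute only, e.g.
    # icacls "<file>" /remove:g "Authenticated Users" /grant:r "Authenticated Users:(RX)"
} else {
    "No broad write/modify rights found on executables under $InstallDir"
}
```

Inherited findings mean the weak ACE lives on the parent directory, so fix the directory ACL rather than the individual files.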
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2016-20025
- [Other] https://cxsecurity.com/issue/WLB-2016080265
- [Other] https://exchange.xforce.ibmcloud.com/vulnerabilities/116486
- [Other] https://packetstormsecurity.com/files/138566
- [Other] https://www.exploit-db.com/exploits/40323/
- [Other] https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions
- [Other] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php