
Zkteco Zkaccess Professional CVE-2016-20025

EUVD-2016-10805 · HIGH
Files or Directories Accessible to External Parties (CWE-552)
2026-03-15 VulnCheck
8.7
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5 events
CVSS changed
Apr 15, 2026 - 15:22 NVD
8.8 (HIGH) → 8.7 (HIGH)
PoC Detected
Mar 16, 2026 - 14:53 vuln.today
Public exploit code
EUVD ID Assigned
Mar 15, 2026 - 14:00 euvd
EUVD-2016-10805
Analysis Generated
Mar 15, 2026 - 14:00 vuln.today
CVE Published
Mar 15, 2026 - 13:35 nvd
HIGH 8.8

Description (CVE.org)

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Analysis (AI)

Privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 (Build 0005) where authenticated users can modify executable files due to insecure permissions, allowing them to replace binaries with malicious code and gain elevated privileges. Multiple public exploits are available (exploit-db, PacketStorm) making this a high-risk vulnerability for organizations using this access control software, despite no current KEV listing or EPSS data.

Technical Context (AI)

ZKTeco ZKAccess Professional (CPE: cpe:2.3:a:zkteco_inc.:zkteco_zkaccess_professional:*:*:*:*:*:*:*:*) is an access control management software that suffers from CWE-552 (Files or Directories Accessible to External Parties). The vulnerability stems from improper file permissions where the 'Authenticated Users' Windows group has Modify permissions on executable files within the application directory. This allows any authenticated user on the system to replace legitimate executables with malicious binaries that will execute with the privileges of the service or user running the application.

Remediation (AI)

No specific patch information is available in the provided references. Organizations should:
1) Contact ZKTeco for an updated version that addresses the file permission issue.
2) Implement compensating controls by manually correcting file permissions to remove Modify rights for Authenticated Users on executable files.
3) Monitor for unauthorized modifications to application binaries.
4) Restrict local access to systems running ZKAccess Professional to trusted administrators only.
The vendor advisory link (https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions) may contain additional mitigation details.
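The compensating control in step 2 can be checked and applied with an ACL audit like the one below. This is an added example, not code from vuln.today, ZKTeco or the advisory; the install path is a placeholder, and the script only reports unless -Fix is given.

```powershell
# Added example, not code from vuln.today or ZKTeco; $Path is a placeholder, not a known vendor path.
param(
    [string]$Path = 'C:\PLACEHOLDER\ZKAccess Professional',
    [switch]$Fix   # report only unless -Fix is given
)
$BroadPrincipals = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'Everyone')
# Any of these rights on an .exe or .dll lets the holder replace or alter the binary.
$DangerousMask = [int]([System.Security.AccessControl.FileSystemRights]::Modify -bor
    [System.Security.AccessControl.FileSystemRights]::Write -bor
    [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
    [System.Security.AccessControl.FileSystemRights]::ChangePermissions)

# True when an Allow ACE grants one of the dangerous rights to a broad group.
function Test-WeakAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    ($Ace.AccessControlType -eq 'Allow') -and
    ($BroadPrincipals -contains $Ace.IdentityReference.Value) -and
    ((([int]$Ace.FileSystemRights) -band $DangerousMask) -ne 0)
}

# Report every executable under $Root with at least one weak ACE.
function Get-WeakExecutableAcl {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            foreach ($ace in (Get-Acl -LiteralPath $file.FullName).Access) {
                if (Test-WeakAce $ace) {
                    [pscustomobject]@{ File = $file.FullName; Principal = $ace.IdentityReference.Value
                                       Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
                }
            }
        }
}

# Strip weak ACEs from one file. Inherited entries cannot be removed directly, so first
# break inheritance (keeping explicit copies of the inherited entries), then remove them.
function Remove-WeakExecutableAce {
    param([string]$File)
    $acl = Get-Acl -LiteralPath $File
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $File -AclObject $acl
    $acl = Get-Acl -LiteralPath $File
    foreach ($ace in @($acl.Access | Where-Object { Test-WeakAce $_ })) { [void]$acl.RemoveAccessRule($ace) }
    Set-Acl -LiteralPath $File -AclObject $acl
}
$findings = @(Get-WeakExecutableAcl -Root $Path)
$findings | Format-Table -AutoSize
if ($Fix) { $findings.File | Sort-Object -Unique | ForEach-Object { Remove-WeakExecutableAce -File $_ } }
```

Run it from an elevated prompt; the report (File, Principal, Rights, Inherited) also serves as a baseline for step 3, since any later reappearance of a weak ACE indicates the permissions were changed again.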


CVE-2016-20025 vulnerability details – vuln.today
