EUVD-2016-10805 | CVE-2016-20025
Severity: HIGH (CVSS 3.1 base score 8.8)
2026-03-15, VulnCheck

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

PoC Detected: Mar 16, 2026 - 14:53 (vuln.today); public exploit code
EUVD ID Assigned: Mar 15, 2026 - 14:00 (euvd); EUVD-2016-10805
Analysis Generated: Mar 15, 2026 - 14:00 (vuln.today)
CVE Published: Mar 15, 2026 - 13:35 (nvd); HIGH 8.8

Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Analysis

Privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 (Build 0005): because of insecure file permissions, any authenticated user can overwrite the application's executables and so run code of their choosing with the privileges of whichever account next launches them. Multiple public exploits are available (exploit-db, PacketStorm), which makes this a high-risk issue for organizations running this access control software even though it has no KEV listing and no EPSS data at the time of writing.

Technical Context

ZKTeco ZKAccess Professional (CPE: cpe:2.3:a:zkteco_inc.:zkteco_zkaccess_professional:*:*:*:*:*:*:*:*) is an access control management application; the weakness is classified as CWE-552 (Files or Directories Accessible to External Parties). The vulnerability stems from improper file permissions: the 'Authenticated Users' Windows group, which includes every logged-on local or domain account, holds Modify rights on executable files within the application directory. Any authenticated user on the system can therefore replace a legitimate executable with a malicious one, and the replacement runs with the privileges of the service account or interactive user that launches the application rather than with the attacker's own.

Affected Products

ZKTeco ZKAccess Professional version 3.5.3 (Build 0005) is specifically affected according to EUVD-2016-10805. The CPE string uses a wildcard in its version field (cpe:2.3:a:zkteco_inc.:zkteco_zkaccess_professional:*), which leaves the version unspecified rather than asserting that every version is vulnerable; only 3.5.3 (Build 0005) is confirmed. Because this software manages physical access control systems, a host running it is a sensitive asset for affected organizations.

Remediation

No specific patch information is available in the provided references. Organizations should:
1) Contact ZKTeco for an updated version that corrects the file permissions.
2) Apply a compensating control by removing Modify (and any other write, delete or change-permission) rights for Authenticated Users, Users and Everyone on the executables in the application directory. Check the directory ACL as well as the files, since create or delete rights on the folder allow a rename-and-replace even when the file itself is read-only, and re-check after any reinstall or update, which may restore the original permissions.
3) Monitor application binaries for unauthorized modification, for example by baselining file hashes and alerting on changes.
4) Restrict access to systems running ZKAccess Professional to trusted administrators only, since exploitation requires an authenticated account with write access to the host's filesystem.
The VulnCheck advisory (https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions) may contain additional mitigation details; note that it is the reporter's advisory rather than a vendor bulletin.
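The condition described under Technical Context (a low-privileged group holding write rights on an executable) and the compensating fix in step 2 above can both be handled from an elevated PowerShell session. The script below is an added example written for this page, not code from ZKTeco, VulnCheck or vuln.today. The function names are the example's own, and the install directory in the usage lines is an assumption; substitute the real path. Get-WeakExecutableAcl reports every executable under a directory where Everyone, Authenticated Users, BUILTIN\Users or INTERACTIVE holds an Allow ACE carrying write, delete or re-ACL rights, and Repair-ExecutableAcl removes those ACEs, breaking inheritance on the file first when the ACE is inherited, with -WhatIf support for a dry run.

```powershell
# Added example for this page (not ZKTeco, VulnCheck or vuln.today code).
# Audits executables under -Root for ACEs that let low-privileged principals
# overwrite, delete or re-ACL them, and optionally removes those ACEs.
# Run from an elevated session: Set-Acl needs WriteDAC on each file.

# Well-known SIDs of principals that every local or domain account belongs to.
# Matching on SID rather than name keeps the check independent of OS language.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # NT AUTHORITY\Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # NT AUTHORITY\INTERACTIVE
)

# Rights that allow replacing a binary. Modify, Write and FullControl all
# contain WriteData, so an ACE granting any of them matches this mask.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                   [System.Security.AccessControl.FileSystemRights]::AppendData -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                   [System.Security.AccessControl.FileSystemRights]::TakeOwnership)
# Some ACEs carry raw generic bits instead of mapped rights: GENERIC_WRITE and GENERIC_ALL.
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Test-WeakAce {
    param([Parameter(Mandatory)][System.Security.AccessControl.FileSystemAccessRule]$Rule)
    if ($Rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) {
        return $false
    }
    try {
        $sid = $Rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $false   # orphaned or foreign-domain SID: not one of the well-known groups above
    }
    return ($LowPrivSids -contains $sid) -and ((([int]$Rule.FileSystemRights) -band $WriteMask) -ne 0)
}

function Get-WeakExecutableAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        [string[]]$Extensions = @('.exe', '.dll', '.bat', '.cmd', '.ps1', '.vbs')
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_
            $acl = Get-Acl -LiteralPath $file.FullName
            foreach ($rule in $acl.Access) {
                if (Test-WeakAce -Rule $rule) {
                    [pscustomobject]@{
                        Path      = $file.FullName
                        Identity  = $rule.IdentityReference.Value
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
}

function Repair-ExecutableAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Root)
    foreach ($group in (Get-WeakExecutableAcl -Root $Root | Group-Object -Property Path)) {
        $path = $group.Name
        if (-not $PSCmdlet.ShouldProcess($path, 'Remove low-privileged write access')) { continue }
        $acl = Get-Acl -LiteralPath $path
        if ($group.Group.Inherited -contains $true) {
            # An inherited ACE cannot be removed on the child. Stop inheritance on this
            # file while keeping copies of the inherited ACEs, persist, then re-read so
            # the copies are explicit and removable. Doing the same removal on the
            # directory that defines the ACE is the cleaner long-term fix.
            $acl.SetAccessRuleProtection($true, $true)
            Set-Acl -LiteralPath $path -AclObject $acl
            $acl = Get-Acl -LiteralPath $path
        }
        foreach ($rule in @($acl.Access)) {
            if (Test-WeakAce -Rule $rule) { [void]$acl.RemoveAccessRule($rule) }
        }
        Set-Acl -LiteralPath $path -AclObject $acl
    }
}

# Usage (the install directory below is an assumption; use the real one):
# Get-WeakExecutableAcl -Root 'C:\ZKTeco\ZKAccess3.5' | Format-Table -AutoSize
# Repair-ExecutableAcl -Root 'C:\ZKTeco\ZKAccess3.5' -WhatIf   # dry run
# Repair-ExecutableAcl -Root 'C:\ZKTeco\ZKAccess3.5'
```

The audit deliberately tests rights with a bitmask rather than looking for the literal word Modify, because an ACE that grants only WriteData or Delete is just as usable for a replace-the-binary attack. It does not inspect the containing directory's ACL; create or delete rights there still permit a rename-and-replace, so review the folder separately. For the monitoring step, running Get-FileHash -Algorithm SHA256 over the same file set gives a baseline that later runs can be compared against.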

Priority Score: 64 (scale: Low, Medium, High, Critical)
KEV: 0
EPSS: +0.1
CVSS: +44
POC: +20
