
Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
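The weakness described above is a file-system ACL problem, so the practical defender's check is an ACL audit. The following PowerShell script is an added example, not code from this record, from VulnCheck, or from ZKTeco: it walks an install directory, reports every executable or DLL whose ACL grants write-capable rights (Write, Delete, ChangePermissions, TakeOwnership) to Authenticated Users, Users, or Everyone, and offers a guarded remediation function. The install path is an assumed placeholder, since this page does not state where ZKAccess is installed; the principal names and FileSystemRights values are standard Windows identifiers.

```powershell
# Added example (not from the advisory): audit program binaries for write access
# granted to broad principals, the pattern behind CVE-2016-20025.
# $InstallDir is an assumed placeholder; the real ZKAccess path is not given on this page.
param(
    [string]$InstallDir = 'C:\Program Files (x86)\ZKAccess_PLACEHOLDER'
)

# Broad principals that should never be able to modify program binaries.
$BroadPrincipals = @(
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'Everyone'
)

# Rights that let a caller rewrite, replace, or re-permission a file.
# Modify itself is not used as the mask because it also contains read bits.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Find-BroadWriteAce {
    # Emits one object per (file, principal) pair where a broad principal holds write-capable rights.
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $acl  = Get-Acl -LiteralPath $file.FullName
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band [int]$WriteMask) -eq 0) { continue }

                [pscustomobject]@{
                    File      = $file.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
}

function Remove-BroadWriteAce {
    # Breaks ACL inheritance on the file (keeping a copy of inherited ACEs) and then
    # strips the Allow ACEs for the offending principal. Supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$File, [Parameter(Mandatory)][string]$Principal)

    if (-not $PSCmdlet.ShouldProcess($File, "Remove write ACE for $Principal")) { return }

    # Step 1: convert inherited ACEs into explicit ones so a single ACE can be removed.
    $acl = Get-Acl -LiteralPath $File
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $File -AclObject $acl

    # Step 2: re-read the now-explicit ACL and drop the broad principal's Allow rules.
    $acl = Get-Acl -LiteralPath $File
    $acl.Access |
        Where-Object { $_.IdentityReference.Value -eq $Principal -and $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    Set-Acl -LiteralPath $File -AclObject $acl
}

$findings = Find-BroadWriteAce -Path $InstallDir
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No broad-principal write access found under $InstallDir"
}
```

Run the audit as an ordinary user first; a non-empty table is the finding. Remediation must be run from an elevated prompt, and `Remove-BroadWriteAce -File ... -Principal ... -WhatIf` shows what would change before anything is written. Removing inherited grants from the files alone is a stop-gap: if the directory ACL still gives Authenticated Users create or write rights, a replaced binary can be dropped back in, so the same audit should be repeated on the directory itself.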

Status: PUBLISHED | Reserved 2026-03-15 | Published 2026-03-15 | Updated 2026-03-16 | Assigner: VulnCheck

Severity

HIGH 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
HIGH 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Problem types

Files or Directories Accessible to External Parties

Product status

3.5.3 (Build 0005): affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php (Zero Science Lab Disclosure) [third-party-advisory]
cxsecurity.com/issue/WLB-2016080265 (CXSecurity) [third-party-advisory]
exchange.xforce.ibmcloud.com/vulnerabilities/116486 (IBM X-Force Exchange) [vdb-entry]
packetstormsecurity.com/files/138566 (Packet Storm Security) [exploit]
www.exploit-db.com/exploits/40323/ (Reference) [exploit]
www.vulncheck.com/...ege-escalation-via-insecure-permissions (VulnCheck Advisory: ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions) [third-party-advisory]
cve.org (CVE-2016-20025)
nvd.nist.gov (CVE-2016-20025)